800-53|AC-18(1)

Title

AUTHENTICATION AND ENCRYPTION

Description

The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption.

Reference Item Details

Related: SC-13,SC-8

Category: ACCESS CONTROL

Parent Title: WIRELESS ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Ensure intra-zone traffic is not always allowedFortiGateCIS Fortigate 7.0.x v1.4.0 L1
1.2.1 Ensure 'Domain Name' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.3 Disable all management related services on WAN portFortiGateCIS Fortigate 7.0.x v1.4.0 L1
1.3.1 Pre-authentication BannerCiscoCIS Cisco NX-OS v1.2.0 L1
1.3.2 Ensure 'Image Authenticity' is correctCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.3.2 Post-authentication BannerCiscoCIS Cisco NX-OS v1.2.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed AttemptsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout TimePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
1.4.3.1 Ensure 'aaa authentication enable console' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.2 Ensure 'aaa authentication http console' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.4 Ensure 'aaa authentication ssh console' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.1 Ensure 'aaa command authorization' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.2 Ensure 'aaa authorization exec' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.1 Ensure 'aaa accounting command' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.3 Ensure 'aaa accounting for EXEC mode' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.7.1 Pre-authentication BannerCiscoCIS Cisco IOS XR 7.x v1.0.1 L1
1.7.2 Disable iPXE (Pre-boot eXecution Environment)CiscoCIS Cisco NX-OS v1.2.0 L2
1.19 OL09-00-000046UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.47 SLES-15-010380UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.65 APPL-14-002009UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.65 APPL-26-002009UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.115 APPL-26-002271UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.138 SOL-11.1-050480UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.140 SOL-11.1-050480UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.145 APPL-26-005058UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.146 APPL-14-005058UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.264 RHEL-09-291035UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.265 RHEL-09-291040UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.305 OL08-00-040110UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.306 OL08-00-040111UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.333 ALMA-09-043250UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.358 RHEL-10-700860UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.359 RHEL-10-700870UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.420 OL09-00-006001UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II