800-53|AU-9(3)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.

Supplemental

Cryptographic mechanisms used for protecting the integrity of audit information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.

Reference Item Details

Related: AU-10,SC-12,SC-13

Category: AUDIT AND ACCOUNTABILITY

Parent Title: PROTECTION OF AUDIT INFORMATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 UBTU-24-90890UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.9 IBMW-LS-000320UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT II
1.33 AZLX-23-001070UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.38 SOL-11.1-020080UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.39 PHTN-40-000092UnixCIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT I
1.39 SOL-11.1-020080UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.50 RHEL-10-200631UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT I
1.115 UBTU-22-651030UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.134 OL09-00-000710UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.138 APPL-26-005001UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT I
1.139 APPL-14-005001UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I
1.150 SLES-15-030630UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.152 SOL-11.1-060180UnixCIS Solaris 11 X86 STIG v1.0.0 CAT III
1.154 SOL-11.1-060180UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT III
1.274 OL08-00-030650UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.354 RHEL-09-651025UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.438 ALMA-09-056890UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
5.1 - Storage Administrative System Auditing - Log Forwarding protocol tcp-encryptedNetapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
6.1.4 Ensure AIDE is configured to use cryptographic mechanisms to protect the integrity of audit toolsUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor valuesUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor valuesUnixCIS Amazon Linux 2 STIG v2.0.1 STIG
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v5.0.0 L1 MS
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2025 v2.0.0 L1 DC
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2025 v2.0.0 L1 MS
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v5.0.0 L1 DC
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v5.0.0 L1 MS
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v5.0.0 L1 DC
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1
18.9.17.1 Ensure 'Enable / disable CLFS logfile authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS
AIX7-00-002028 - AIX must verify the hash of audit tools.UnixDISA IBM AIX 7.x STIG v3r2
ALMA-09-056890 - AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 15 Sequoia STIG v1r7
APPL-26-005001 - The macOS system must ensure System Integrity Protection (SIP) is enabled.UnixDISA Apple macOS 26 Tahoe STIG v1r2
AZLX-23-001070 - Amazon Linux 2023 must use cryptographic mechanisms to protect the integrity of audit tools.UnixDISA Amazon Linux 2023 STIG v1r3
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Protect Audit Integrity with Cryptographic MechanismsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Protect Audit Integrity with Cryptographic MechanismsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Protect Audit Integrity with Cryptographic MechanismsUnixNIST macOS Big Sur v1.4.0 - All Profiles