800-53|IA-3(1)

Title

CRYPTOGRAPHIC BIDIRECTIONAL AUTHENTICATION

Description

The information system authenticates [Assignment: organization-defined specific devices and/or types of devices] before establishing [Selection (one or more): local; remote; network] connection using bidirectional authentication that is cryptographically based.

Supplemental

A local connection is any connection with a device communicating without the use of a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk (e.g., remote connections).

Reference Item Details

Related: SC-12,SC-13,SC-8

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: DEVICE IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.9.1.1 Ensure 'NTP authentication' is enabledCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.11 Ensure Web Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 Ensure App Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 VCSA-80-000077VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT I
1.17 CISC-ND-001130CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.19 CISC-ND-001150CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.26 CISC-ND-001130CiscoCIS Cisco NX OS Switch NDM STIG v1.1.0 CAT II
1.28 CISC-ND-001150CiscoCIS Cisco NX OS Switch NDM STIG v1.1.0 CAT II
1.28 VCSA-80-000253VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.29 VCSA-80-000265VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.30 CISC-ND-001130CiscoCIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.30 CISC-ND-001130CiscoCIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.32 CISC-ND-001150CiscoCIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.32 CISC-ND-001150CiscoCIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.132 WN10-CC-000165WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.192 WN16-MS-000040WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.194 WN19-MS-000040WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.194 WN22-MS-000040WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.277 ALMA-09-035550UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2016 v4.0.0 L1 MS
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1