800-53|MA-4(6)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-13,SC-8

Category: MAINTENANCE

Parent Title: NONLOCAL MAINTENANCE

Family: MAINTENANCE

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.043 - Terminal Services is not configured with the client connection encryption set to the required level.	Windows	DISA Windows Vista STIG v6r41
AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api http	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - telnet	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api http	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api https	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - telnet	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000605 - The macOS system must not use telnet.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
Big Sur - Configure SSHD to Use Secure Key Exchange Algorithms	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	Unix	NIST macOS Big Sur v1.4.0 - All Profiles

Detections

Analytics

800-53|MA-4(6)

Title

Description

Reference Item Details

Audit Items