800-53|SC-13

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements [Assignment: organization-defined cryptographic uses and type of cryptography required for each use] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Supplemental

Cryptography can be employed to support a variety of security solutions including, for example, the protection of classified and Controlled Unclassified Information, the provision of digital signatures, and the enforcement of information separation when authorized individuals have the necessary clearances for such information but lack the necessary formal access approvals. Cryptography can also be used to support random number generation and hash generation. Generally applicable cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography. This control does not impose any requirements on organizations to use cryptography. However, if cryptography is required based on the selection of other security controls, organizations define each type of cryptographic use and the type of cryptography required (e.g., protection of classified information: NSA-approved cryptography; provision of digital signatures: FIPS-validated cryptography).

Reference Item Details

Related: AC-17,AC-18,AC-2,AC-3,AC-7,AU-10,AU-9,CM-11,CP-9,IA-3,IA-7,MA-4,MP-2,MP-4,MP-5,SA-4,SC-12,SC-28,SC-8,SI-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.3.5.2 Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.5.3 Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.5.5 Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.7.2 Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.7.3 Set 'Microsoft network client: Digitally sign communications (if server agrees)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.8.3 Set 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.8.5 Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.14.2 Set 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.39 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2 Enable SSH (sshd_enable) | Unix | CIS FreeBSD v1.0.5
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443 | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication Provider | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
1.5.9 Ensure NIST FIPS-validated cryptography is configured | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure App Tier ELB have SSL\TLS Certificate attached | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.12 Set 'External send connector authentication: Domain Security' to 'True' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0
1.12 Set 'External send connector authentication: Domain Security' to 'True' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.13.2.4 Ensure 'Message Formats' is set to Enabled:S/MIME and Fortezza | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.4 Ensure 'Message Formats' is set to Enabled:S/MIME and Fortezza | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.16 Ensure all S3 buckets have policy to require server-side and in transit encryption for all objects stored in bucket. | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
1.19 APPL-14-000054 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.20 APPL-14-000057 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.57 (L2) Ensure 'Allow users to proceed from the HTTPS warning page' is set to 'Disabled' | Windows | CIS Microsoft Edge v4.0.0 L2
1.101 UBTU-24-600030 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT I
1.159 WN16-DC-000140 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.160 WN19-DC-000140 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.160 WN22-DC-000140 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.179 UBTU-22-671010 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT I
1.215 WN10-SO-000190 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.221 WN10-SO-000230 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.234 WN16-SO-000350 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.234 WN16-SO-000350 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.236 WN19-SO-000290 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.236 WN19-SO-000290 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.236 WN22-SO-000290 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.236 WN22-SO-000290 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.241 WN16-SO-000430 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.241 WN16-SO-000430 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.243 WN19-SO-000360 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.243 WN19-SO-000360 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.243 WN22-SO-000360 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.243 WN22-SO-000360 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.446 RHEL-09-671010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.450 RHEL-09-672020 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I