800-53|SC-8(1)

Title

CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION

Description

The information system implements cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards].

Supplemental

Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2.6 Ensure 'Enable RPC encryption' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.6 Ensure 'Enable RPC encryption' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.4 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.5 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.8 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 12 L1 v4.0.0
1.2.3 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Use https for kubelet connections	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L2
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --secure-port argument is not set to 0	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.19 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.24 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.25 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --client-ca-file argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --etcd-cafile argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'	Windows	CIS Microsoft Edge v3.0.0 L1
1.10.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'	Windows	CIS Microsoft Edge v3.0.0 L2
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'	Windows	CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internally	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internally	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receipts	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receipts	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signatures	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signatures	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.17 Ensure CloudFront to Origin connection is configured using TLS1.1+ as the SSL\TLS protocol	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0

Detections

Analytics