800-53|SC-8(2)

Title

PRE / POST TRANSMISSION HANDLING

Description

The information system maintains the [Selection (one or more): confidentiality; integrity] of information during preparation for transmission and during reception.

Supplemental

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission or during reception including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-10

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.3.1 Ensure SSH is installed	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.2 Ensure SSH is running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
20.54 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
20.54 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH version	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently running	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-14-000080 - The macOS system must enable SSH server for remote access sessions.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r3
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r3 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r3
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r3 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.	Unix	DISA STIG Apache Server 2.4 Unix Server v2r7
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r1 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r1 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Site v1r3
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Catalina - Enable SSH for Remote Access Sessions	Unix	NIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r3
EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3
EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r3
EPAS-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	EnterpriseDB PostgreSQL Advanced Server OS Linux v1r1
EPAS-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.	PostgreSQLDB	EnterpriseDB PostgreSQL Advanced Server DB v1r1

Detections

Analytics