CCI|CCI-000068

Title

Implement cryptographic mechanisms to protect the confidentiality of remote access sessions.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etcUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - procUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.061 - Unencrypted remote access is permitted to system services.WindowsDISA Windows Vista STIG v6r41
5.3.16 Ensure only FIPS 140-2 ciphers are used for SSHUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.043 - Terminal Services is not configured with the client connection encryption set to the required level.WindowsDISA Windows Vista STIG v6r41
AIOS-12-001000 - Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-001000 - Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-001300 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-001300 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001300 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-001300 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIX7-00-002104 - The AIX SSH server must use SSH Protocol 2.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003100 - The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently runningUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4