CCI|CCI-000803

Title

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 18 v1r1
ALMA-09-039290 - AlmaLinux OS 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-039400 - AlmaLinux OS 9 must prevent system daemons from using Kerberos for authentication.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-039510 - The libreswan package must be installed.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-039620 - AlmaLinux OS 9 must have the packages required for encrypting offloaded audit logs installed.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ipv6 OSPF checks	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000320 - The Arista Multilayer Switch must not enable the RIP routing protocol.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - entropy source	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-14-000054 The macOS system must limit SSHD to FIPS-compliant connections.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-000057 The macOS system must limit SSH to FIPS-compliant connections.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
ARST-ND-000470 - The Arista network device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware

Detections

Analytics

CCI|CCI-000803

Title

Reference Item Details

Audit Items