CCI|CCI-001184

Title

Protect the authenticity of communications sessions.

Reference Item Details

Category: 2024

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption. | Windows | DISA Microsoft DotNet Framework 4.0 STIG v2r7 |
| APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption. | Windows | DISA Microsoft DotNet Framework 4.0 STIG v2r7 |
| CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2. | Cisco | DISA STIG Cisco ASA VPN v2r2 |
| CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication. | Unix | DISA STIG Kubernetes v2r4 |
| CNTR-R2-000010 - Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules. | Unix | DISA Rancher Government Solutions RKE2 STIG v2r4 |
| DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 |
| DTBI046-IE11 - Logon options must be configured to prompt (Internet zone). | Windows | DISA STIG IE 11 v2r5 |
| DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone). | Windows | DISA STIG IE 11 v2r5 |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | Windows | DISA STIG Microsoft Lync 2013 v1r5 |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | Windows | DISA STIG Microsoft Skype for Business 2016 v1r1 |
| DTOO422 - In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | Windows | DISA STIG Microsoft Lync 2013 v1r5 |
| DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | Windows | DISA STIG Microsoft Skype for Business 2016 v1r1 |
| EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 |
| EX13-MB-000110 - Exchange internal Receive connectors must require encryption. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX13-MB-000120 - Exchange internal Send connectors must require encryption. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security) | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 |
| EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 |
| EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 |
| EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 |
| EX16-MB-000220 - Exchange internal Receive connectors must require encryption. | Windows | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 |
| EX19-ED-000098 - Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security). | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 |
| EX19-ED-000099 - Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 |
| EX19-MB-000236 - The application must protect the confidentiality and integrity of transmitted information. | Windows | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 |
| F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles. | F5 | DISA F5 BIG-IP Access Policy Manager STIG v2r4 |
| F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP. | F5 | DISA F5 BIG-IP Access Policy Manager STIG v2r4 |
| F5BI-AP-300003 - The F5 BIG-IP appliance providing intermediary services for remote access must use FIPS-validated cryptographic algorithms, including TLS 1.2 at a minimum. | F5 | DISA F5 BIG-IP TMOS ALG STIG v1r2 |
| F5BI-AP-300155 - The F5 BIG-IP appliance must not use the On-demand Cert Auth VPE agent as part of the APM Policy Profiles. | F5 | DISA F5 BIG-IP TMOS ALG STIG v1r2 |
| F5BI-AP-300156 - The F5 BIG-IP appliance must be configured to restrict a consistent inbound IP for the entire management session. | F5 | DISA F5 BIG-IP TMOS ALG STIG v1r2 |
| F5BI-AP-300157 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP. | F5 | DISA F5 BIG-IP TMOS ALG STIG v1r2 |
| F5BI-AP-300163 - The VPN Gateway must use Always On VPN connections for remote computing. | F5 | DISA F5 BIG-IP TMOS ALG STIG v1r2 |
| F5BI-DN-300013 - An authoritative name server must be configured to enable DNSSEC Resource Records. | F5 | DISA F5 BIG-IP TMOS DNS STIG v1r1 |
| F5BI-DN-300036 - The F5 BIG-IP DNS implementation must protect the authenticity of communications sessions for zone transfers. | F5 | DISA F5 BIG-IP TMOS DNS STIG v1r1 |
| F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions. | F5 | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 |
| F5BI-VN-300041 - The F5 BIG-IP appliance IPsec VPN must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE). | F5 | DISA F5 BIG-IP TMOS VPN STIG v1r1 |