CCI|CCI-001184

Title

Protect the authenticity of communications sessions.

Reference Item Details

Category: 2024

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption. | Windows | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 |
| APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption. | Windows | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 |
| CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2. | Cisco | DISA STIG Cisco ASA VPN v2r2 |
| CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication. | Unix | DISA STIG Kubernetes v2r2 |
| CNTR-R2-000010 Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules. | Unix | DISA Rancher Government Solutions RKE2 STIG v2r2 |
| DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 |
| DTBI046-IE11 - Logon options must be configured to prompt (Internet zone). | Windows | DISA STIG IE 11 v2r5 |
| DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone). | Windows | DISA STIG IE 11 v2r5 |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | Windows | DISA STIG Microsoft Lync 2013 v1r5 |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | Windows | DISA STIG Microsoft Skype for Business 2016 v1r1 |
| DTOO422 - In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | Windows | DISA STIG Microsoft Lync 2013 v1r5 |
| DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | Windows | DISA STIG Microsoft Skype for Business 2016 v1r1 |
| EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 |
| EX13-MB-000110 - Exchange internal Receive connectors must require encryption. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX13-MB-000120 - Exchange internal Send connectors must require encryption. | Windows | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 |
| EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security) | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 |
| EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 |
| EX16-MB-000220 - Exchange internal Receive connectors must require encryption. | Windows | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 |
| EX19-ED-000098 - Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security). | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 |
| EX19-ED-000099 - Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 |
| EX19-MB-000236 - The application must protect the confidentiality and integrity of transmitted information. | Windows | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 |
| F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles. | F5 | DISA F5 BIG-IP Access Policy Manager STIG v2r3 |
| F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP. | F5 | DISA F5 BIG-IP Access Policy Manager STIG v2r3 |
| F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions. | F5 | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 |
| JUSX-VN-000025 - The Juniper SRX Services Gateway VPN must configure Internet Key Exchange (IKE) with SHA1 or greater to protect the authenticity of communications sessions. | Juniper | DISA Juniper SRX Services Gateway VPN v3r1 |
| O365-LY-000001 - The SIP security mode in Lync must be enabled. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-LY-000002 - The HTTP fallback for SIP connection in Lync must be disabled. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication. | Windows | DISA STIG SharePoint 2013 v2r3 |
| SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. | Windows | DISA STIG SharePoint 2013 v2r3 |
| SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions. | BlueCoat | DISA Symantec ProxySG Benchmark ALG v1r3 |
| TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections. | Unix | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware |
| VCSA-70-000009 - The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access. | VMware | DISA STIG VMware vSphere 7.0 vCenter v1r3 |
| VCSA-80-000009 The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions. | VMware | DISA VMware vSphere 8.0 vCenter STIG v2r1 |
| WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session. | Windows | Oracle WebLogic Server 12c Windows v2r1 |