Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001184
CCI
CCI|CCI-001184
Title
Protect the authenticity of communications sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption.
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r4
APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption.
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r4
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - IKE Phase 2
Cisco
DISA STIG Cisco ASA VPN v2r1
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - proposal
Cisco
DISA STIG Cisco ASA VPN v2r1
CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication.
Unix
DISA STIG Kubernetes v2r1
CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication.
Unix
DISA STIG Kubernetes v2r1
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).
Windows
DISA STIG IE 11 v2r5
DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).
Windows
DISA STIG IE 11 v2r5
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.
Windows
DISA STIG Microsoft Lync 2013 v1r5
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.
Windows
DISA STIG Microsoft Skype for Business 2016 v1r1
DTOO422 - In the event a secure Session Initiation Protocol (SIP) connection fails, the connection must be restricted from resorting to the unencrypted HTTP.
Windows
DISA STIG Microsoft Lync 2013 v1r5
DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP.
Windows
DISA STIG Microsoft Skype for Business 2016 v1r1
EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6
EX13-MB-000110 - Exchange internal Receive connectors must require encryption.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX13-MB-000120 - Exchange internal Send connectors must require encryption.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security)
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000220 - Exchange internal Receive connectors must require encryption.
Windows
DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000098 Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security).
Windows
DISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-ED-000099 Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
Windows
DISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000236 The application must protect the confidentiality and integrity of transmitted information.
Windows
DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions.
F5
DISA F5 BIG-IP Local Traffic Manager STIG v2r3
JUSX-VN-000025 - The Juniper SRX Services Gateway VPN must configure Internet Key Exchange (IKE) with SHA1 or greater to protect the authenticity of communications sessions.
Juniper
DISA Juniper SRX Services Gateway VPN v3r1
O365-LY-000001 - The SIP security mode in Lync must be enabled.
Windows
DISA STIG Microsoft Office 365 ProPlus v3r1
O365-LY-000002 - The HTTP fallback for SIP connection in Lync must be disabled.
Windows
DISA STIG Microsoft Office 365 ProPlus v3r1
SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.
Windows
DISA STIG SharePoint 2013 v2r3
SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.
Windows
DISA STIG SharePoint 2013 v2r3
SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions.
BlueCoat
DISA Symantec ProxySG Benchmark ALG v1r3
TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.
Unix
DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware
VCSA-70-000009 - The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
VMware
DISA STIG VMware vSphere 7.0 vCenter v1r3
VCSA-80-000009 The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
VMware
DISA VMware vSphere 8.0 vCenter STIG v2r1
WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session.
Windows
Oracle WebLogic Server 12c Windows v2r1
