CCI|CCI-001453

Title

Implement cryptographic mechanisms to protect the integrity of remote access sessions.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2.26 Ensure ldap_tls_cacert is set for LDAP - configUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.26 Ensure ldap_tls_cacert is set for LDAP - fileUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.27 Ensure ldap_id_use_start_tls is set for LDAP - LDAP authentication communications.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.28 Ensure ldap_tls_reqcert is set for LDAP - LDAP communications.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.17 Ensure only strong MAC algorithms are used - MACs employing FIPS 140-2 approved cryptographic hash algorithms.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-001104 - If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000605 - The macOS system must not use telnet.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently runningUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledUnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000057 - The macOS system must limit SSH to FIPS-compliant connections.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions.CiscoDISA STIG Cisco ASA VPN v2r2
Catalina - Enable SSH for Remote Access SessionsUnixNIST macOS Catalina v1.5.0 - All Profiles
CNTR-R2-000010 Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptionsUnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
F5BI-LT-000037 - The BIG-IP Core implementation must be configured to use NIST SP 800-52 Revision 1 compliant cryptography to protect the integrity of remote access sessions to virtual servers.F5DISA F5 BIG-IP Local Traffic Manager STIG v2r3
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.WindowsDISA STIG Mozilla Firefox Windows v6r5
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.UnixDISA STIG Mozilla Firefox MacOS v6r5
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.UnixDISA STIG Mozilla Firefox Linux v6r5
GEN005306 - SNMP must require the use of a FIPS 140-2 cryptographic hash algorithm as part of its authentication and integrity methods.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methodsUnixDISA STIG AIX 5.3 v1r2
GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methodsUnixDISA STIG AIX 6.1 v1r14
GEN005306 - The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.UnixDISA STIG for Oracle Linux 5 v2r1