CCI|CCI-001967

Title

Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Reference Item Details

Category: 2024

Audit Items

Name | Plugin | Audit Name
5.123 - Restrict unauthenticated RPC clients. | Windows | DISA Windows Vista STIG v6r41
5.124 - Client computers required to authenticate for RPC communication. | Windows | DISA Windows Vista STIG v6r41
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - aaa authentication dot1x default group | Arista | DISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - dot1x system-auth-control | Arista | DISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x reauthentication | Arista | DISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x timeout reauth-period 3600 | Arista | DISA STIG Arista MLS DCS-7000 Series L2S v1r3
AOSX-14-004020 - The macOS system must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled. | Unix | DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled. | Unix | DISA STIG Apple macOS 11 v1r5
APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled. | Unix | DISA STIG Apple macOS 11 v1r8
APPL-12-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | Unix | DISA STIG Apple macOS 12 v1r9
APPL-12-005051 - The macOS system must restrict the ability to utilize external writeable media devices. | Unix | DISA STIG Apple macOS 12 v1r9
APPL-13-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | Unix | DISA STIG Apple macOS 13 v1r4
ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources. | Arista | DISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Arista | DISA STIG Arista MLS EOS 4.2x NDM v2r1
CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco ASA NDM v2r2
CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm. | Cisco | DISA STIG Cisco ASA NDM v2r2
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco ASA NDM v2r2
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Disable Wi-Fi Interface | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco IOS Router NDM v3r2
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001130 - The Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r2
CISC-ND-001130 - The Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r2
CISC-ND-001130 - The Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Cisco | DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco IOS Router NDM v3r2
CISC-ND-001150 - The Cisco router must be configured to authenticate NTP sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco NX-OS Switch NDM v3r2
CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | Cisco | DISA STIG Cisco IOS XE Switch NDM v3r2
DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DTOO279 - Outlook - RPC encryption between Outlook and Exchange server must be enforced. | Windows | DISA STIG Office 2010 Outlook v1r13
DTOO279 - RPC encryption between Outlook and Exchange server must be enforced. | Windows | DISA STIG Microsoft Outlook 2016 v2r3
DTOO279 - RPC encryption between Outlook and Exchange server must be enforced. | Windows | DISA STIG Microsoft Outlook 2013 v1r13
DTOO280 - Outlook - Authentication with Exchange Server must be required. | Windows | DISA STIG Office 2010 Outlook v1r13
DTOO280 - Outlook must be configured to force authentication when connecting to an Exchange server. | Windows | DISA STIG Microsoft Outlook 2016 v2r3
DTOO280 - Outlook must be configured to force authentication when connecting to an Exchange server. | Windows | DISA STIG Microsoft Outlook 2013 v1r13
ESXI-80-000145 The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | VMware | DISA VMware vSphere 8.0 ESXi STIG v2r1
FGFW-ND-000210 - The FortiGate device must authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) | FortiGate | DISA Fortigate Firewall NDM STIG v1r4
FGFW-ND-000215 - The FortiGate device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | FortiGate | DISA Fortigate Firewall NDM STIG v1r4
JUEX-NM-000480 - The Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | Juniper | DISA Juniper EX Series Network Device Management v2r2
JUEX-NM-000490 - The Juniper EX switch must use an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | Juniper | DISA Juniper EX Series Network Device Management v2r2