Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002314
CCI
CCI|CCI-002314
Title
Employ automated mechanisms to control remote access methods.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.5.3.2.3 Ensure iptables rules exist for all open ports - PPSM CLSA and vulnerability assessments.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.117 - Users must be prevented from connecting using Terminal Services.
Windows
DISA Windows Vista STIG v6r41
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop.
MDM
MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop.
MDM
AirWatch - DISA Apple iOS 12 v2r1
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.
MDM
AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.
MDM
MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.
MDM
MobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.
MDM
AirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop.
MDM
AirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop.
MDM
MobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-17-011000 - Apple iOS/iPadOS 17 must implement the management setting: Disable Allow MailDrop.
MDM
AirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-011000 - Apple iOS/iPadOS 17 must implement the management setting: Disable Allow MailDrop.
MDM
MobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIX7-00-001137 - AIX must be able to control the ability of remote login for users.
Unix
DISA STIG AIX 7.x v2r9
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000670 - The Apache web server must restrict inbound connections from nonsecure zones.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Control remote access methods
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Control remote access methods
Unix
NIST macOS Catalina v1.5.0 - All Profiles
ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH.
VMware
DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling SSH.
VMware
DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).
VMware
DISA STIG VMware vSphere 7.0 ESXi v1r2
ESXI-80-000193 The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).
VMware
DISA VMware vSphere 8.0 ESXi STIG v2r1
F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000153 - The BIG-IP Core implementation providing intermediary services for remote access communications traffic must control remote access methods to virtual servers.
F5
DISA F5 BIG-IP Local Traffic Manager STIG v2r3
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN008520 - The system must employ a local firewall.
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy.
Unix
DISA STIG for Oracle Linux 5 v2r1
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones.
Windows
DISA IIS 10.0 Server v3r1
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones.
Windows
DISA IIS 10.0 Server v2r10
IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones.
Windows
DISA IIS 8.5 Server v2r7
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key.
MDM
AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key.
MDM
MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
Monterey - Control remote access methods
Unix
NIST macOS Monterey v1.0.0 - All Profiles
OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000032 - OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL08-00-040090 - An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.
Unix
DISA Oracle Linux 8 STIG v2r1
OL08-00-040100 - A firewall must be installed on OL 8.
Unix
DISA Oracle Linux 8 STIG v2r1
OL08-00-040101 - A firewall must be active on OL 8.
Unix
DISA Oracle Linux 8 STIG v2r1
PANW-AG-000078 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must control remote access methods (inspect and filter traffic).
Palo_Alto
DISA STIG Palo Alto ALG v3r1
PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress.
Unix
DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.
Unix
DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-040100 - A firewall must be installed on RHEL 8.
Unix
DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-040101 - A firewall must be active on RHEL 8.
Unix
DISA Red Hat Enterprise Linux 8 STIG v2r1
