CCI|CCI-002314

Title

Employ automated mechanisms to control remote access methods.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.5.3.2.3 Ensure iptables rules exist for all open ports - PPSM CLSA and vulnerability assessments.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.117 - Users must be prevented from connecting using Terminal Services.WindowsDISA Windows Vista STIG v6r41
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-17-011000 - Apple iOS/iPadOS 17 must implement the management setting: Disable Allow MailDrop.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-011000 - Apple iOS/iPadOS 17 must implement the management setting: Disable Allow MailDrop.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-18-011000 - Apple iOS/iPadOS 18 must implement the management setting: disable Allow MailDrop.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-011000 - Apple iOS/iPadOS 18 must implement the management setting: disable Allow MailDrop.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIX7-00-001137 - AIX must be able to control the ability of remote login for users.UnixDISA STIG AIX 7.x v3r1
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000670 - The Apache web server must restrict inbound connections from nonsecure zones.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Control remote access methodsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Control remote access methodsUnixNIST macOS Catalina v1.5.0 - All Profiles
ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling SSH.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).VMwareDISA STIG VMware vSphere 7.0 ESXi v1r2
ESXI-80-000193 The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).VMwareDISA VMware vSphere 8.0 ESXi STIG v2r1
F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.F5DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000153 - The BIG-IP Core implementation providing intermediary services for remote access communications traffic must control remote access methods to virtual servers.F5DISA F5 BIG-IP Local Traffic Manager STIG v2r3
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.UnixDISA STIG Solaris 10 SPARC v2r4
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.UnixDISA STIG Solaris 10 X86 v2r4
GEN008520 - The system must employ a local firewall.UnixDISA STIG for Oracle Linux 5 v2r1
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG Solaris 10 SPARC v2r4
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG Solaris 10 X86 v2r4
GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG for Oracle Linux 5 v2r1
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones.WindowsDISA IIS 10.0 Server v3r2
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones.WindowsDISA IIS 10.0 Server v2r10
IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones.WindowsDISA IIS 8.5 Server v2r7
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
Monterey - Control remote access methodsUnixNIST macOS Monterey v1.0.0 - All Profiles
OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000032 - OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OL08-00-040090 - An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-040100 - A firewall must be installed on OL 8.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-040101 - A firewall must be active on OL 8.UnixDISA Oracle Linux 8 STIG v2r2
PANW-AG-000078 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must control remote access methods (inspect and filter traffic).Palo_AltoDISA STIG Palo Alto ALG v3r2
PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.UnixDISA Red Hat Enterprise Linux 8 STIG v2r1