CCI|CCI-002420

Title

Maintain the confidentiality and/or integrity of information during preparation for transmission.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

Name	Plugin	Audit Name
5.3.1 Ensure SSH is installed	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.2 Ensure SSH is running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH version	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently running	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-14-000080 - The macOS system must enable SSH server for remote access sessions.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Catalina - Enable SSH for Remote Access Sessions	Unix	NIST macOS Catalina v1.5.0 - All Profiles
CD12-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints.	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2
ESXI-80-000161 The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.	VMware	DISA VMware vSphere 8.0 ESXi STIG v2r1
ESXI-80-000247 The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions.	Unix	DISA VMware vSphere 8.0 ESXi STIG OS v2r1
EX19-ED-000238 Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.	Windows	DISA Microsoft Exchange 2019 Edge Server STIG v2r1
IISW-SI-000249 - The IIS 8.5 website must maintain the confidentiality and integrity of information during preparation for transmission and during reception.	Windows	DISA IIS 8.5 Site v2r9
MADB-10-008900 - MariaDB must maintain the confidentiality and integrity of information during preparation for transmission.	MySQLDB	DISA MariaDB Enterprise 10.x v2r1 DB
MD3X-00-000760 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-006000 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MYS8-00-011300 - The MySQL Database Server 8.0 must maintain the confidentiality and integrity of information during preparation for transmission.	MySQLDB	DISA Oracle MySQL 8.0 v2r1 DB
O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.	Windows	DISA STIG Oracle 11.2g v2r5 Windows
O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.	Unix	DISA STIG Oracle 11.2g v2r5 Linux
OH12-1X-000324 - OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000325 - OHS must have the SSLFIPS directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000326 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission - SSLEngine	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000326 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission - SSLProtocol	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000326 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission - SSLWallet	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000327 - OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000328 - If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the SecureProxy directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000329 - If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WLSSLWallet directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000330 - If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLSProxySSL directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL07-00-040300 - The Oracle Linux operating system must be configured so that all networked systems have SSH installed.	Unix	DISA Oracle Linux 7 STIG v2r14
OL08-00-040159 - All OL 8 networked systems must have SSH installed.	Unix	DISA Oracle Linux 8 STIG v2r1
OL08-00-040160 - All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.	Unix	DISA Oracle Linux 8 STIG v2r1
PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	DISA STIG PostgreSQL 9.x on RHEL OS v2r5
PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.	PostgreSQLDB	DISA STIG PostgreSQL 9.x on RHEL DB v2r5
PHTN-30-000026 - The Photon operating system must use an OpenSSH server version that does not support protocol 1.	Unix	DISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-40-000013 The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.	Unix	DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions.	Unix	DISA STIG VMware vSphere 6.7 Photon OS v1r6
PPS9-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.	Unix	EDB PostgreSQL Advanced Server OS Linux Audit v2r3
RHEL-07-040300 - The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r15

Detections

Analytics

CCI|CCI-002420

Title

Reference Item Details

Audit Items