CCI|CCI-002450

Title

Implement organization-defined types of cryptography for each specified cryptography use.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etcUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - procUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.077 - The system is not configured to use FIPS compliant Algorithms for Encryption, Hashing, and Signing.WindowsDISA Windows Vista STIG v6r41
AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000955 - Adobe Acrobat Pro XI FIPS mode must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000057 - The macOS system must limit SSH to FIPS-compliant connections.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPNET0062 - The .NET CLR must be configured to use FIPS approved encryption modules.WindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r4
ARDC-CL-000345 - Adobe Reader DC must enable FIPS mode.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes.UnixDISA BIND 9.x STIG v2r3
CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network.CiscoDISA STIG Cisco ASA VPN v2r2
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network.CiscoDISA STIG Cisco ASA VPN v2r2
CD12-00-008000 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-008100 - PostgreSQL must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-008200 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owner's requirements.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CNTR-R2-000010 Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.UnixDISA Rancher Government Solutions RKE2 STIG v2r2