CCI|CCI-002476

Title

Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIX7-00-002096 - AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required - EFS if it is required	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000780 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-005020 - The macOS system must enforce FileVault.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-005020 - The macOS system must enforce FileVault.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce FileVault	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce FileVault	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-010500 - PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-008900 - DB2 must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTOO187 - Office System - Rights managed Office Open XML files must be protected.	Windows	DISA STIG Office System 2010 v1r13
DTOO187 - Rights managed Office Open XML files must be protected.	Windows	DISA STIG Microsoft Office System 2016 v2r3
DTOO187 - Rights managed Office Open XML files must be protected.	Windows	DISA STIG Microsoft Office System 2013 v2r2
DTOO321 - Encrypt document properties must be configured for OLE documents.	Windows	DISA STIG Microsoft Office System 2013 v2r2
DTOO321 - Encrypt document properties must be configured for OLE documents.	Windows	DISA STIG Microsoft Office System 2016 v2r3
DTOO321 - Office System - Encrypt document properties must be configured for OLE documents.	Windows	DISA STIG Office System 2010 v1r13
EP11-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	Unix	EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates.	Windows	DISA IIS 10.0 Site v2r9
IISW-SI-000242 - The IIS 8.5 private website must employ cryptographic mechanisms (TLS) and require client certificates.	Windows	DISA IIS 8.5 Site v2r9
MADB-10-008700 - MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	MySQLDB	DISA MariaDB Enterprise 10.x v2r1 DB
Monterey - Enforce FileVault	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enforce FileVault	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enforce FileVault	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Enforce FileVault	Unix	NIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-012100 - The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	MySQLDB	DISA Oracle MySQL 8.0 v2r1 DB

Detections

Analytics

CCI|CCI-002476

Title

Reference Item Details

Audit Items