Detections
Analytics

CCI|CCI-003123

Title

Implement organization-defined cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-002097 - AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.UnixDISA STIG AIX 7.x v3r1
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api httpAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api httpsAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - telnetAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000605 - The macOS system must not use telnet.UnixDISA STIG Apple Mac OSX 10.13 v2r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r4
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 13 v1r4
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.CiscoDISA STIG Cisco ASA NDM v2r2
Catalina - Enable SSH for Remote Access SessionsUnixNIST macOS Catalina v1.5.0 - All Profiles
CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.CiscoDISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.CiscoDISA STIG Cisco NX-OS Switch NDM v3r2
JUNI-ND-001200 - The Juniper router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.JuniperDISA STIG Juniper Router NDM v3r1
JUSX-DM-000152 - For nonlocal maintenance sessions, the Juniper SRX Services Gateway must ensure only zones where management functionality is desired have host-inbound-traffic system-services configured.JuniperDISA Juniper SRX Services Gateway NDM v3r2
PHTN-40-000013 The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.UnixDISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
RHEL-09-672010 - RHEL 9 must have the crypto-policies package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-672045 - RHEL 9 must implement a systemwide encryption policy.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
WN10-CC-000335 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows 10 STIG v3r2
WN10-CC-000350 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows 10 STIG v3r2
WN11-CC-000350 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows 11 STIG v2r2
WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r7
WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows Server 2012 and 2012 R2 DC STIG v3r7
WN12-CC-000127 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r7
WN12-CC-000127 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows Server 2012 and 2012 R2 DC STIG v3r7
WN16-CC-000510 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows Server 2016 STIG v2r9
WN16-CC-000540 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows Server 2016 STIG v2r9
WN19-CC-000480 - Windows Server 2019 Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows Server 2019 STIG v3r2
WN19-CC-000510 - Windows Server 2019 Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows Server 2019 STIG v3r2
WN22-CC-000480 - Windows Server 2022 Windows Remote Management (WinRM) client must not allow unencrypted traffic.WindowsDISA Windows Server 2022 STIG v2r2
WN22-CC-000510 - Windows Server 2022 Windows Remote Management (WinRM) service must not allow unencrypted traffic.WindowsDISA Windows Server 2022 STIG v2r2