CCI-000067
Employ automated mechanisms to monitor remote access methods.
30
Rule
Severity: Medium
Set SSH Daemon LogLevel to VERBOSE
10
Rule
Severity: Medium
Ensure remote access methods are monitored in Rsyslog
2
Rule
Severity: Medium
If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS).
2
Rule
Severity: Medium
The ALG providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.
2
Rule
Severity: Medium
The application server must ensure remote sessions for accessing security functions and security-relevant information are logged.
2
Rule
Severity: Medium
If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs.
1
Rule
Severity: Medium
The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1
Rule
Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
2
Rule
Severity: Medium
The firewall that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic.
1
Rule
Severity: Medium
The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points.
1
Rule
Severity: Medium
The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
2
Rule
Severity: Medium
The WebSphere Liberty Server must log remote session and security activity.
1
Rule
Severity: Medium
The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.
1
Rule
Severity: Medium
The WebSphere Application Server security auditing must be enabled.
1
Rule
Severity: Medium
The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.
1
Rule
Severity: Medium
The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.
1
Rule
Severity: Medium
The WebSphere Application Server audit event type filters must be configured.
1
Rule
Severity: Medium
The WebSphere Application Server audit service provider must be enabled.
1
Rule
Severity: Medium
CA VM:Secure product must be installed and operating.
1
Rule
Severity: Medium
For FTP processing Z/VM TCP/IP FTP server Exit must be enabled.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements.
1
Rule
Severity: Medium
SharePoint must ensure remote sessions for accessing security functions and security-relevant information are audited.
1
Rule
Severity: Medium
Nutanix AOS must monitor remote access methods.
1
Rule
Severity: Medium
OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have the OraLogMode set to Oracle Diagnostic Logging text mode to generate information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods.
1
Rule
Severity: Medium
Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited.
1
Rule
Severity: Medium
The Riverbed Optimization System (RiOS) must be configured to ensure inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies.
1
Rule
Severity: Medium
If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured.
1
Rule
Severity: Medium
Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies.
1
Rule
Severity: Medium
The Horizon Connection Server must be configured to debug level logging.
2
Rule
Severity: Medium
AccessLogValve must be configured for each application context.
4
Rule
Severity: Medium
The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.
2
Rule
Severity: Medium
The macOS system must be configured to audit all log on and log out events.
3
Rule
Severity: Medium
The Ubuntu operating system must monitor remote access methods.
2
Rule
Severity: Medium
The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.
2
Rule
Severity: Medium
The operating system must monitor remote access methods.
6
Rule
Severity: Medium
SSMC web server must generate information to be used by external applications or entities to monitor and control remote access.
2
Rule
Severity: Medium
AIX must monitor and record successful remote logins.
2
Rule
Severity: Medium
AIX must monitor and record unsuccessful remote logins.
4
Rule
Severity: Medium
IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events.
6
Rule
Severity: Medium
The IBM z/OS BPX.SMF resource must be properly configured.
6
Rule
Severity: Medium
IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events.
4
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be coded properly.
4
Rule
Severity: Medium
IBM z/OS SMF recording options for the TN3270 Telnet Server must be properly specified.
6
Rule
Severity: Medium
IBM z/OS TCP/IP AT-TLS policy must be properly configured in Policy Agent.
2
Rule
Severity: Medium
IBM z/OS SMF recording options for the FTP server must be configured to write SMF records for all eligible events.
2
Rule
Severity: Medium
IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be properly coded.
2
Rule
Severity: Medium
IBM z/OS SMF recording options for the TN3270 Telnet server must be properly specified.
4
Rule
Severity: Medium
The system must be configured to audit Logon/Logoff - Logoff successes.
2
Rule
Severity: Medium
The system must be configured to audit Logon/Logoff - Logon failures.
2
Rule
Severity: Medium
The system must be configured to audit Logon/Logoff - Logon successes.
1
Rule
Severity: Medium
Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit logon successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit logon failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit logon successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit logon failures.
2
Rule
Severity: Medium
All OL 8 remote access methods must be monitored.
2
Rule
Severity: Medium
The Palo Alto Networks security platform, if used to provide intermediary services for remote access communications traffic (TLS or SSL decryption), must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.
2
Rule
Severity: Medium
The Automation Controller must generate the appropriate log records.
2
Rule
Severity: Medium
All RHEL 8 remote access methods must be monitored.
2
Rule
Severity: Medium
RHEL 9 must log SSH connection attempts and failures to the server.
4
Rule
Severity: Medium
The SUSE operating system must log SSH connection attempts and failures to the server.
2
Rule
Severity: Medium
All RHEL 9 remote access methods must be monitored.
4
Rule
Severity: Low
The audit system must be configured to audit login, logout, and session initiation.
2
Rule
Severity: Medium
The VMM must monitor remote access methods automatically.
1
Rule
Severity: Medium
Remote logging for ESXi hosts must be configured.
1
Rule
Severity: Medium
VAMI must be configured to monitor remote access.
1
Rule
Severity: Medium
Performance Charts must record user access in a format that enables monitoring of remote access.
1
Rule
Severity: Medium
ESX Agent Manager must record user access in a format that enables monitoring of remote access.
1
Rule
Severity: Medium
Lookup Service must record user access in a format that enables monitoring of remote access.
1
Rule
Severity: Medium
The Photon operating system must have the sshd SyslogFacility set to "authpriv".
1
Rule
Severity: Medium
The Photon operating system must have sshd authentication logging enabled.
1
Rule
Severity: Medium
The Photon operating system must have the sshd LogLevel set to "INFO".
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
1
Rule
Severity: Medium
The Security Token Service must record user access in a format that enables monitoring of remote access.
3
Rule
Severity: Medium
The vCenter Lookup service must produce log records containing sufficient information regarding event details.
1
Rule
Severity: Medium
vSphere UI must record user access in a format that enables monitoring of remote access.
3
Rule
Severity: Medium
The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The Photon operating system must monitor remote access logins.
3
Rule
Severity: Medium
The Photon operating system must configure the Secure Shell (SSH) SyslogFacility.
3
Rule
Severity: Medium
The Photon operating system must enable Secure Shell (SSH) authentication logging.
3
Rule
Severity: Medium
The vCenter STS service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter UI service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter VAMI service must generate information to monitor remote access.
2
Rule
Severity: Medium
The web server must generate information to be used by external applications or entities to monitor and control remote access.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.
1
Rule
Severity: Medium
The macOS system must be configured to audit all login and logout events.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must monitor remote access methods.
1
Rule
Severity: Medium
The F5 BIG-IP appliance providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.
1
Rule
Severity: Medium
The F5 BIG-IP appliance that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic.
1
Rule
Severity: Medium
SLEM 5 must log SSH connection attempts and failures to the server.
1
Rule
Severity: Medium
TOSS must monitor remote access methods.
1
Rule
Severity: Medium
The NSX Tier-0 Gateway Firewall must generate traffic log entries.
1
Rule
Severity: Low
Apple iOS/iPadOS 18 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device.
1
Rule
Severity: Low
Apple iOS/iPadOS 18 must implement the management setting: require passcode for incoming Airplay connection requests.