Skip to content
Log In

CCI-000067

Employ automated mechanisms to monitor remote access methods.

Set SSH Daemon LogLevel to VERBOSE

35 rules found Severity: Medium

Logo

Ensure remote access methods are monitored in Rsyslog

12 rules found Severity: Medium

Logo

If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs.

2 rules found Severity: Medium

Logo

The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.

1 rule found Severity: Medium

Logo

The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.

1 rule found Severity: Medium

Logo

The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points.

1 rule found Severity: Medium

Logo

The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.

1 rule found Severity: Medium

Logo

The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.

1 rule found Severity: Medium

Logo

The WebSphere Application Server security auditing must be enabled.

1 rule found Severity: Medium

Logo

The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.

1 rule found Severity: Medium

Logo

The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.

1 rule found Severity: Medium

Logo

The WebSphere Application Server audit event type filters must be configured.

1 rule found Severity: Medium

Logo

The WebSphere Application Server audit service provider must be enabled.

1 rule found Severity: Medium

Logo

CA VM:Secure product must be installed and operating.

1 rule found Severity: Medium

Logo

For FTP processing Z/VM TCP/IP FTP server Exit must be enabled.

1 rule found Severity: Medium

Logo

Nutanix AOS must monitor remote access methods.

1 rule found Severity: Medium

Logo

OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have the OraLogMode set to Oracle Diagnostic Logging text mode to generate information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server.

1 rule found Severity: Medium

Logo

OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods.

1 rule found Severity: Medium

Logo

Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited.

1 rule found Severity: Medium

Logo

The Riverbed Optimization System (RiOS) must be configured to ensure inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies.

1 rule found Severity: Medium

Logo

If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured.

1 rule found Severity: Medium

Logo

Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies.

1 rule found Severity: Medium

Logo

The Horizon Connection Server must be configured to debug level logging.

1 rule found Severity: Medium

Logo

The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must monitor remote access methods.

2 rules found Severity: Medium

Logo

Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts.

1 rule found Severity: Medium

Logo

The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

1 rule found Severity: Medium

Logo

AccessLogValve must be configured for each application context.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic.

1 rule found Severity: Medium

Logo

SSMC web server must generate information to be used by external applications or entities to monitor and control remote access.

3 rules found Severity: Medium

Logo

The WebSphere Liberty Server must log remote session and security activity.

1 rule found Severity: Medium

Logo

AIX must monitor and record successful remote logins.

1 rule found Severity: Medium

Logo

AIX must monitor and record unsuccessful remote logins.

1 rule found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logoff successes.

2 rules found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures.

1 rule found Severity: Medium

Logo

The Automation Controller must generate the appropriate log records.

1 rule found Severity: Medium

Logo

SLEM 5 must log SSH connection attempts and failures to the server.

1 rule found Severity: Medium

Logo

TOSS must monitor remote access methods.

1 rule found Severity: Medium

Logo

The web server must generate information to be used by external applications or entities to monitor and control remote access.

1 rule found Severity: Medium

Logo

If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS).

1 rule found Severity: Medium

Logo

NixOS must monitor remote access methods.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 18 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device.

1 rule found Severity: Low

Logo

Apple iOS/iPadOS 18 must implement the management setting: require passcode for incoming Airplay connection requests.

1 rule found Severity: Low

Logo

The macOS system must be configured to audit all log on and log out events.

1 rule found Severity: Medium

Logo

The macOS system must be configured to audit all login and logout events.

1 rule found Severity: Medium

Logo

The ALG providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.

1 rule found Severity: Medium

Logo

The application server must ensure remote sessions for accessing security functions and security-relevant information are logged.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must monitor remote access methods.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must log SSH connection attempts and failures to the server.

1 rule found Severity: Medium

Logo

All AlmaLinux OS 9 remote access methods must be monitored.

1 rule found Severity: Medium

Logo

The firewall that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic.

1 rule found Severity: Medium

Logo

The operating system must monitor remote access methods.

1 rule found Severity: Medium

Logo

IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events.

2 rules found Severity: Medium

Logo

The IBM z/OS BPX.SMF resource must be properly configured.

3 rules found Severity: Medium

Logo

IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events.

3 rules found Severity: Medium

Logo

IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be coded properly.

2 rules found Severity: Medium

Logo

IBM z/OS SMF recording options for the TN3270 Telnet Server must be properly specified.

2 rules found Severity: Medium

Logo

IBM z/OS TCP/IP AT-TLS policy must be properly configured in Policy Agent.

3 rules found Severity: Medium

Logo

IBM z/OS SMF recording options for the FTP server must be configured to write SMF records for all eligible events.

1 rule found Severity: Medium

Logo

IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be properly coded.

1 rule found Severity: Medium

Logo

IBM z/OS SMF recording options for the TN3270 Telnet server must be properly specified.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements.

1 rule found Severity: Medium

Logo

SharePoint must ensure remote sessions for accessing security functions and security-relevant information are audited.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit logon failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logon failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit logon failures.

1 rule found Severity: Medium

Logo

All OL 8 remote access methods must be monitored.

1 rule found Severity: Medium

Logo

The Palo Alto Networks security platform, if used to provide intermediary services for remote access communications traffic (TLS or SSL decryption), must ensure inbound and outbound traffic is monitored for compliance with remote access security policies.

1 rule found Severity: Medium

Logo

All RHEL 8 remote access methods must be monitored.

1 rule found Severity: Medium

Logo

RHEL 9 must log SSH connection attempts and failures to the server.

1 rule found Severity: Medium

Logo

All RHEL 9 remote access methods must be monitored.

1 rule found Severity: Medium

Logo

The SUSE operating system must log SSH connection attempts and failures to the server.

2 rules found Severity: Medium

Logo

The audit system must be configured to audit login, logout, and session initiation.

2 rules found Severity: Low

Logo

The VMM must monitor remote access methods automatically.

1 rule found Severity: Medium

Logo

The NSX Tier-0 Gateway Firewall must generate traffic log entries.

1 rule found Severity: Medium

Logo

Remote logging for ESXi hosts must be configured.

1 rule found Severity: Medium

Logo

The NSX Tier-1 Gateway firewall must generate traffic log entries.

1 rule found Severity: Medium

Logo

ESX Agent Manager must record user access in a format that enables monitoring of remote access.

1 rule found Severity: Medium

Logo

VAMI must be configured to monitor remote access.

1 rule found Severity: Medium

Logo

Lookup Service must record user access in a format that enables monitoring of remote access.

1 rule found Severity: Medium

Logo

Performance Charts must record user access in a format that enables monitoring of remote access.

1 rule found Severity: Medium

Logo

The Photon operating system must have the sshd SyslogFacility set to "authpriv".

1 rule found Severity: Medium

Logo

The Photon operating system must have sshd authentication logging enabled.

1 rule found Severity: Medium

Logo

The Photon operating system must have the sshd LogLevel set to "INFO".

1 rule found Severity: Medium

Logo

The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

vSphere UI must record user access in a format that enables monitoring of remote access.

1 rule found Severity: Medium

Logo

The Security Token Service must record user access in a format that enables monitoring of remote access.

1 rule found Severity: Medium

Logo

The vCenter Lookup service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The Photon operating system must monitor remote access logins.

2 rules found Severity: Medium

Logo

The Photon operating system must configure the Secure Shell (SSH) SyslogFacility.

2 rules found Severity: Medium

Logo

The Photon operating system must enable Secure Shell (SSH) authentication logging.

2 rules found Severity: Medium

Logo

The vCenter STS service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The vCenter UI service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The vCenter VAMI service must generate information to monitor remote access.

2 rules found Severity: Medium

Logo

The BIG-IP ASM module supporting intermediary services for remote access communications traffic must ensure inbound traffic is monitored for compliance with remote access security policies.

1 rule found Severity: Medium

Logo