CCI-000778

Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection.

14 rules found Severity: Medium

14 rules found Severity: Low

27 rules found Severity: Medium

23 rules found Severity: Medium

6 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

CCI-000778

Disable GNOME3 Automounting

Disable GNOME3 Automount Opening

Disable GNOME3 Automount running

Disable the Automounter

Disable Modprobe Loading of USB Storage Driver

Configure Certificate Directives for LDAP Use of TLS

The Arista Multilayer Switch must uniquely identify all network-connected endpoint devices before establishing any connection.

When using non-Grid DNS servers for zone transfers, each name server must use TSIG to uniquely identify the other server.

The MQ Appliance messaging server must uniquely identify all network-connected endpoint devices before establishing any connection.

The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security.

Infoblox systems which are configured to perform zone transfers to non-Grid name servers must utilize transaction signatures (TSIG).

The Windows 2012 DNS Server must uniquely identify the other DNS server before responding to a server-to-server transaction.

Nutanix AOS must be configured to disable USB mass storage devices.

The Tanium endpoint must have the Tanium Servers public key in its installation, which will allow it to authenticate and uniquely identify all network-connected endpoint devices before establishing any connection.

The Tanium endpoint must have the Tanium Servers public key in its installation.

The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage.

The Red Hat Enterprise Linux operating system must disable the file system automounter unless required.

The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required.

The BIND 9.x server implementation must utilize separate TSIG key-pairs when securing server-to-server transactions.

The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection.

The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection.

The Cisco ISE must deny network connection for endpoints that cannot be authenticated using an approved method. This is required for compliance with C2C Step 4.

The DNS server implementation must uniquely identify the other DNS server before responding to a server-to-server transaction.

The F5 BIG-IP must be configured to identify and authenticate all endpoint devices or peers before establishing a connection.

An authoritative name server must be configured to enable DNSSEC Resource Records.

The Enterprise Voice, Video, and Messaging Session Manager must be configured to uniquely identify each Voice Video Endpoint device before registration.

AIX must configure the ttys value for all interactive users.

The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection.

The JBoss server must be configured to bind the management interfaces to only management networks.

The layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.

IPSec network encryption must be configured.

The Windows DNS Server must uniquely identify the other DNS server before responding to a server-to-server transaction.

The Oracle Linux operating system must be configured to disable USB mass storage.

The Oracle Linux operating system must disable the file system automounter unless required.

The Oracle Linux operating system must disable the graphical user interface automounter unless required.

SLEM 5 must disable the file system automounter unless required.

The Tanium endpoint must have the Tanium Server's pki.db in its installation.

The TOSS file system automounter must be disabled unless required.

TOSS must be configured to disable USB mass storage.

NixOS must enable USBguard.

AAA Services used for 802.1x must be configured to uniquely identify network endpoints (supplicants) before the authenticator establishes any connection.

The application must utilize mutual authentication when endpoint device non-repudiation protections are required by DoD policy or by the data owner.

The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection.

The container platform must uniquely identify all network-connected nodes before establishing any connection.

AlmaLinux OS 9 must be configured to disable USB mass storage.

AlmaLinux OS 9 must disable the graphical user interface automount function unless required.

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function.

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.

AlmaLinux OS 9 must not have the autofs package installed.

The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection.

Forescout must deny network connection for endpoints that cannot be authenticated using an approved method. This is required for compliance with C2C Step 4.

The operating system must uniquely identify peripherals before establishing a connection.

AOS, when used as a VPN Gateway, must uniquely identify all network-connected endpoint devices before establishing a connection.

The OL 8 file system automounter must be disabled unless required.

OL 8 must be configured to disable the ability to use USB mass storage devices.

RHEL 9 file system automount function must be disabled unless required.

The RHEL 8 file system automounter must be disabled unless required.

RHEL 8 must be configured to disable USB mass storage.

RHEL 9 must disable the graphical user interface automount function unless required.

RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function.

RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.

RHEL 9 must be configured to disable USB mass storage.

The SUSE operating system must disable the file system automounter unless required.

The VMM must uniquely identify peripherals before establishing a connection.

The Photon operating system must disable the loading of unnecessary kernel modules.

The Photon operating system must disable unnecessary kernel modules.

The VPN Gateway must uniquely identify all network-connected endpoint devices before establishing a connection.

The SEL-2740S must uniquely identify all network-connected endpoint devices before establishing any connection.

The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.