CCI-000877
Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions.
7 rules found Severity: Medium

6 rules found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

User credentials which would allow remote access to the system by the Service Processor must be removed from the storage system.
1 rule found Severity: High

The Infoblox system must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions.
1 rule found Severity: Medium

The Infoblox system must be configured to employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium

Nutanix AOS must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
1 rule found Severity: High

Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium

Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
2 rules found Severity: Medium

The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.
2 rules found Severity: High

The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.
2 rules found Severity: High

The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.
2 rules found Severity: High

The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.
2 rules found Severity: Medium

The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.
1 rule found Severity: High

The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.
1 rule found Severity: High

The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.
1 rule found Severity: High

The DNS server implementation must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
2 rules found Severity: Medium

SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium

AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: High

3 rules found Severity: High

3 rules found Severity: High

3 rules found Severity: Medium

The Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.
1 rule found Severity: Medium

SLEM 5 must implement DOD-approved encryption to protect the confidentiality of SSH remote connections.
1 rule found Severity: High

SLEM 5 SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms.
1 rule found Severity: High

1 rule found Severity: Medium

NixOS must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: High

The application must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions.
1 rule found Severity: Medium

Ubuntu 22.04 LTS must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: High

The container platform must employ strong authenticators in the establishment of non-local maintenance and diagnostic sessions.
1 rule found Severity: Medium

The operating system must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: High

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: High

Prisma Cloud Compute Console must use TLS 1.2 for user interface and API access. Communication TCP ports must adhere to the Ports, Protocols, and Services Management Category Assurance Levels (PSSM CAL).
1 rule found Severity: High

OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
1 rule found Severity: High

The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
1 rule found Severity: Medium

The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms.
1 rule found Severity: Medium

1 rule found Severity: High

The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
2 rules found Severity: Medium

The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception).
2 rules found Severity: Medium

The VMM must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium
