Skip to content
Log In

CCI-001188

Generate a unique session identifier for each session with organization-defined randomness requirements.

The CA API Gateway must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

FIPS mode must be enabled on all Docker Engine - Enterprise nodes.

1 rule found Severity: High

Logo

The FortiGate device must generate unique session identifiers using a FIPS 140-2-approved random number generator.

1 rule found Severity: Medium

Logo

The network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

2 rules found Severity: Medium

Logo

The DataPower Gateway must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

The MQ Appliance messaging server must generate a unique session identifier using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

The WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

MobileIron Sentry must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

All SCOM servers must be configured for FIPS 140-2 compliance.

1 rule found Severity: High

Logo

Riverbed Optimization System (RiOS) must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

3 rules found Severity: Medium

Logo

PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

3 rules found Severity: Medium

Logo

Tomcat must use FIPS-validated ciphers on secured connectors.

1 rule found Severity: High

Logo

The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate unique session identifiers using a FIPS 140-2 approved Random Number Generator (RNG) using DRGB.

1 rule found Severity: Medium

Logo

The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes.

1 rule found Severity: High

Logo

The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.

1 rule found Severity: Medium

Logo

Sentry must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

MarkLogic Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity.

1 rule found Severity: Medium

Logo

The IIS 10.0 website must generate unique session identifiers that cannot be reliably reproduced.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

The Riverbed NetProfiler must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 validated algorithm to protect the confidentiality and integrity of all cryptographic functions.

1 rule found Severity: High

Logo

Automation Controller must implement cryptography mechanisms to protect the integrity of information.

1 rule found Severity: High

Logo

Redis Enterprise DBMS must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

The web server must generate a unique session identifier for each session using a FIPS 140-2 approved random number generator.

1 rule found Severity: High

Logo

The web server must generate unique session identifiers that cannot be reliably reproduced.

1 rule found Severity: Medium

Logo

The web server must generate a session ID long enough that it cannot be guessed through brute force.

1 rule found Severity: Medium

Logo

The web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.

1 rule found Severity: Medium

Logo

The web server must generate unique session identifiers with definable entropy.

1 rule found Severity: Medium

Logo

The Apache web server must use cryptography to protect the integrity of remote sessions.

1 rule found Severity: Medium

Logo

The Apache web server must generate a session ID long enough that it cannot be guessed through brute force.

1 rule found Severity: Medium

Logo

The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.

1 rule found Severity: High

Logo

The Apache web server must accept only system-generated session identifiers.

1 rule found Severity: Medium

Logo

The Apache web server must generate unique session identifiers that cannot be reliably reproduced.

2 rules found Severity: Medium

Logo

The Apache web server must generate unique session identifiers with definable entropy.

1 rule found Severity: Medium

Logo

The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.

1 rule found Severity: Medium

Logo

The ALG must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

The application server must generate a unique session identifier using a FIPS 140-2 approved random number generator.

1 rule found Severity: High

Logo

The application must generate a unique session identifier using a FIPS 140-2/140-3 approved random number generator.

1 rule found Severity: Medium

Logo

The DBMS must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

AOS must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module.

1 rule found Severity: High

Logo

The HYCU virtual appliance must generate unique session identifiers using a FIPS 140-2 approved random number generator.

1 rule found Severity: Medium

Logo

MariaDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

The UEM server must generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

1 rule found Severity: High

Logo

The vCenter Server must enable FIPS-validated cryptography.

3 rules found Severity: High

Logo

The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

1 rule found Severity: Medium

Logo

The vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

1 rule found Severity: Medium

Logo

Citrix Delivery Controller must implement DoD-approved encryption.

1 rule found Severity: High

Logo

The SSMC web server must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

1 rule found Severity: High

Logo