Capacity
CCI-001453
Implement cryptographic mechanisms to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
Firefox must be configured to allow only TLS 1.2 or above.
16
Rule
Severity: Medium
Configure OpenSSL library to use System Crypto Policy
16
Rule
Severity: Medium
Configure SSH to use System Crypto Policy
8
Rule
Severity: Medium
Enable the LDAP Client For Use in Authconfig
8
Rule
Severity: Medium
Configure LDAP Client to Use TLS For All Transactions
5
Rule
Severity: Medium
Configure Certificate Directives for LDAP Use of TLS
10
Rule
Severity: Medium
Use Only FIPS 140-2 Validated Key Exchange Algorithms
17
Rule
Severity: Medium
Use Only FIPS 140-2 Validated MACs
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client CA Certificate
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client CA Certificate Location
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server
7
Rule
Severity: High
Configure SSSD LDAP Backend to Use TLS For All Transactions
9
Rule
Severity: High
Set kernel parameter 'crypto.fips_enabled' to 1
6
Rule
Severity: Medium
Configure GnuTLS library to use DoD-approved TLS Encryption
6
Rule
Severity: Medium
Configure OpenSSL library to use TLS Encryption
7
Rule
Severity: High
Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config
6
Rule
Severity: Medium
Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config
7
Rule
Severity: Medium
Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config
6
Rule
Severity: Medium
Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config
1
Rule
Severity: High
Compliance Guardian must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
4
Rule
Severity: Medium
The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
2
Rule
Severity: High
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: Medium
The ALG providing intermediary services for remote access communications traffic must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
The application server must implement cryptography mechanisms to protect the integrity of the remote access session.
2
Rule
Severity: Medium
The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
Applications with SOAP messages requiring integrity must include the following message elements:-Message ID-Service Request-Timestamp-SAML Assertion (optionally included in messages) and all elements of the message must be digitally signed.
1
Rule
Severity: Medium
The CA API Gateway providing intermediary services for remote access communications traffic must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DoD approved certificates.
2
Rule
Severity: High
If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to use SSL for LDAP lookup to connect to the Office Web App Server (e.g., SharePoint).
1
Rule
Severity: Medium
If the BlackBerry Connect service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable SSL support for BlackBerry Proxy and use only DOD approved certificates.
1
Rule
Severity: High
Citrix Linux Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: High
Citrix Receiver must implement DoD-approved encryption.
2
Rule
Severity: High
Citrix Windows Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: High
FIPS mode must be enabled on all Docker Engine - Enterprise nodes.
1
Rule
Severity: Medium
Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.
1
Rule
Severity: High
DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1
Rule
Severity: High
The IBM Aspera Console must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers.
1
Rule
Severity: High
IBM Aspera Faspex must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers.
1
Rule
Severity: High
IBM Aspera Shares feature must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers.
1
Rule
Severity: High
The IBM Aspera High-Speed Transfer Endpoint must be configured to use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must have a master-key set to encrypt the dynamic token encryption key.
1
Rule
Severity: High
The IBM Aspera High-Speed Transfer Server must be configured to use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must have a master-key set to encrypt the dynamic token encryption key.
1
Rule
Severity: Medium
The DataPower Gateway providing intermediary services for remote access communications traffic must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
2
Rule
Severity: Medium
Security cookies must be set to HTTPOnly.
1
Rule
Severity: Medium
The WebSphere Application Server security cookies must be set to HTTPOnly.
1
Rule
Severity: Medium
The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.
2
Rule
Severity: Medium
HTTPS must be enabled for JBoss web interfaces.
2
Rule
Severity: Medium
If cipher suites using pre-shared keys are used for device authentication, the ISEC7 EMM Suite must have a minimum security strength of 112 bits or higher, must only be used in networks where both the client and server are Government systems, must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0 and must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithm for transmission.
2
Rule
Severity: Medium
The Sentry providing intermediary services for remote access communications traffic must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway VPN must be configured to use IPsec with SHA1 or greater to negotiate hashing to protect the integrity of remote access sessions.
1
Rule
Severity: High
Firefox must be configured to allow only TLS 1.2 or above.
1
Rule
Severity: High
Edge must be configured to allow only TLS.
1
Rule
Severity: High
SharePoint must use cryptography to protect the integrity of the remote access session.
1
Rule
Severity: High
Nutanix AOS must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
1
Rule
Severity: High
Nutanix AOS must implement cryptography mechanisms to protect the confidentiality and integrity of the remote access session.
1
Rule
Severity: High
OHS must have the LoadModule ossl_module directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: High
OHS must have the SSLFIPS directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: High
OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: High
OHS must have the SSLCipherSuite directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
OHS must have the SecureProxy directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
OHS must have the WLSSLWallet directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
OHS must have the WebLogicSSLVersion directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
OHS must have the WLProxySSL directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.
1
Rule
Severity: Medium
Oracle WebLogic must use cryptography to protect the integrity of the remote access session.
1
Rule
Severity: Medium
The Riverbed Optimization System (RiOS) providing intermediary services for remote access communications traffic must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: High
Innoslate must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
1
Rule
Severity: Medium
The Tanium endpoint must have the Tanium Servers public key in its installation, which will allow it to authenticate and uniquely identify all network-connected endpoint devices before establishing any connection.
6
Rule
Severity: Medium
Tanium Trusted Content providers must be documented.
6
Rule
Severity: Medium
Content providers must provide their public key to the Tanium administrator to import for validating signed content.
6
Rule
Severity: Medium
Tanium public keys of content providers must be validated against documented trusted content providers.
4
Rule
Severity: Medium
The Tanium endpoint must have the Tanium Server's pki.db in its installation.
1
Rule
Severity: Medium
The Tanium endpoint must have the Tanium Servers public key in its installation.
2
Rule
Severity: Medium
The UEM server must be configured to prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0.
1
Rule
Severity: High
The Horizon Connection Server must be configured to only support TLS 1.2 connections.
1
Rule
Severity: High
The Blast Secure Gateway must be configured to only support TLS 1.2 connections.
1
Rule
Severity: High
The Horizon Connection Server must force server cipher preference.
2
Rule
Severity: Medium
The remote access VPN Gateway must use a digital signature generated using FIPS-validated algorithms and an approved hash function to protect the integrity of TLS remote access sessions.
2
Rule
Severity: Medium
The VPN Gateway must be configured to use IPsec with SHA-2 at 384 bits or greater for hashing to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
The TLS VPN Gateway that supports Government-only services must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0.
2
Rule
Severity: Medium
The TLS VPN Gateway that supports citizen- or business-facing network devices must prohibit client negotiation to SSL 2.0 or SSL 3.0.
2
Rule
Severity: Medium
Hardware Management Console management must be accomplished by using the out-of-band or direct connection method.
2
Rule
Severity: Medium
The Apache web server must use cryptography to protect the integrity of remote sessions.
2
Rule
Severity: Low
HTTP Strict Transport Security (HSTS) must be enabled.
2
Rule
Severity: Medium
TLS 1.2 must be used on secured HTTP connectors.
1
Rule
Severity: High
The macOS system must disable the SSHD service.
1
Rule
Severity: High
The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.
1
Rule
Severity: High
The macOS system must implement approved Message Authentication Codes (MACs).
1
Rule
Severity: High
The macOS system must implement approved Key Exchange Algorithms.
3
Rule
Severity: High
The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.
3
Rule
Severity: High
The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.
3
Rule
Severity: High
The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.
2
Rule
Severity: High
The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.
2
Rule
Severity: High
The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.
2
Rule
Severity: High
The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.
3
Rule
Severity: High
The macOS system must limit SSHD to FIPS-compliant connections.
3
Rule
Severity: High
The macOS system must limit SSH to FIPS-compliant connections.
1
Rule
Severity: Medium
The Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications.
2
Rule
Severity: Medium
The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
2
Rule
Severity: Medium
The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions.
2
Rule
Severity: Medium
The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions.
2
Rule
Severity: Medium
The container platform must prohibit communication using TLS versions 1.0 and 1.1, and SSL 2.0 and 3.0.
2
Rule
Severity: High
The operating system must implement cryptography to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
2
Rule
Severity: High
SSMC web server must use cryptography to protect the integrity of remote sessions.
2
Rule
Severity: High
The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
2
Rule
Severity: Medium
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
2
Rule
Severity: High
IBM z/OS SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm.
4
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: High
The SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm.
2
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: High
The IBM RACF SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm to protect confidential information and remote access sessions.
2
Rule
Severity: High
The ICS must be configured to use TLS 1.2, at a minimum.
4
Rule
Severity: Medium
The Remote Desktop Session Host must require secure RPC communications.
2
Rule
Severity: Medium
The Remote Desktop Session Host must require secure Remote Procedure Call (RPC) communications.
2
Rule
Severity: Medium
Remote Desktop Services must be configured with the client connection encryption set to High Level.
2
Rule
Severity: Medium
Windows Server 2019 Remote Desktop Services must require secure Remote Procedure Call (RPC) communications.
2
Rule
Severity: Medium
Windows Server 2019 Remote Desktop Services must be configured with the client connection encryption set to High Level.
2
Rule
Severity: Medium
Windows Server 2022 Remote Desktop Services must require secure Remote Procedure Call (RPC) communications.
2
Rule
Severity: Medium
Windows Server 2022 Remote Desktop Services must be configured with the client connection encryption set to High Level.
3
Rule
Severity: Medium
WLAN components must be Wi-Fi Alliance certified with WPA2 or WPA3.
1
Rule
Severity: Medium
The WLAN access point must be configured for Wi-Fi Alliance WPA2 or WPA3 security.
2
Rule
Severity: High
OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
2
Rule
Severity: Medium
The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
4
Rule
Severity: Medium
The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
2
Rule
Severity: Medium
The Oracle Linux operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
2
Rule
Severity: Medium
The OL 8 SSH daemon must be configured to use system-wide crypto policies.
2
Rule
Severity: Medium
The OL 8 operating system must implement DoD-approved encryption in the OpenSSL package.
2
Rule
Severity: Medium
The OL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.
2
Rule
Severity: Medium
The OL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.
2
Rule
Severity: Medium
OL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms.
2
Rule
Severity: Medium
The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
2
Rule
Severity: High
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
2
Rule
Severity: Medium
The Automation Controller NGINX web server must use cryptography on all remote connections.
2
Rule
Severity: Medium
OpenShift must use TLS 1.2 or greater for secure communication.
2
Rule
Severity: Medium
The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
2
Rule
Severity: Medium
The RHEL 8 operating system must implement DoD-approved encryption to protect the confidentiality of SSH server connections.
2
Rule
Severity: Medium
The RHEL 8 operating system must implement DoD-approved encryption in the OpenSSL package.
2
Rule
Severity: Medium
The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.
2
Rule
Severity: Medium
The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
2
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
2
Rule
Severity: Medium
The RHEL 8 SSH daemon must be configured to use system-wide crypto policies.
2
Rule
Severity: Medium
RHEL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms.
4
Rule
Severity: Medium
The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
2
Rule
Severity: Medium
RHEL 9 SSH daemon must be configured to use system-wide crypto policies.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH server connections.
1
Rule
Severity: Medium
RHEL 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
2
Rule
Severity: Medium
RHEL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms.
4
Rule
Severity: Medium
The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
2
Rule
Severity: High
RHEL 9 must implement DOD-approved TLS encryption in the GnuTLS package.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved encryption in the OpenSSL package.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved TLS encryption in the OpenSSL package.
4
Rule
Severity: Medium
The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception).
2
Rule
Severity: Medium
The VMM must implement cryptography to protect the integrity of remote access sessions.
1
Rule
Severity: Medium
VAMI must use cryptography to protect the integrity of remote sessions.
1
Rule
Severity: Low
The Photon operating system must configure sshd to use approved encryption algorithms.
1
Rule
Severity: Medium
Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.
3
Rule
Severity: High
The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.
3
Rule
Severity: High
The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions.
2
Rule
Severity: Medium
The vCenter STS service must be configured to use strong encryption ciphers.
3
Rule
Severity: Medium
The vCenter VAMI service must use cryptography to protect the integrity of remote sessions.
2
Rule
Severity: Medium
The web server must use cryptography to protect the integrity of remote sessions.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to use NIST SP 800-52 Revision 1 compliant cryptography to protect the integrity of remote access sessions to virtual servers.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.
1
Rule
Severity: High
The Enterprise Voice, Video, and Messaging Endpoint must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0.
1
Rule
Severity: High
The F5 BIG-IP appliance providing intermediary services for remote access must use FIPS-validated cryptographic algorithms, including TLS 1.2 at a minimum.
1
Rule
Severity: High
The Enterprise Voice, Video, and Messaging Session Manager must be configured to use only TLS 1.2 or greater for all TLS and SSL communications.
1
Rule
Severity: Medium
If cipher suites using pre-shared keys are used for device authentication, the ISEC7 SPHERE must have a minimum security strength of 112 bits or higher, must only be used in networks where both the client and server are government systems, must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0 and must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithm for transmission.
1
Rule
Severity: High
Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.
1
Rule
Severity: High
SLEM 5 must implement DOD-approved encryption to protect the confidentiality of SSH remote connections.
1
Rule
Severity: High
SLEM 5 SSH server must be configured to use only FIPS 140-2/140-3 validated key exchange algorithms.
1
Rule
Severity: Medium
The TOSS operating system must implement DoD-approved encryption in the OpenSSL package.
1
Rule
Severity: Medium
The TOSS operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.
1
Rule
Severity: Medium
The TOSS operating system must implement DoD-approved TLS encryption in the GnuTLS package.
1
Rule
Severity: Medium
The TOSS SSH daemon must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
1
Rule
Severity: Medium
The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules