CCI-001958
Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection.
The Arista Multilayer Switch must authenticate 802.1X connected devices before establishing any connection.
1 rule found Severity: Medium

HP FlexFabric Switch must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: High

The Infoblox DNS server must authenticate to any external (non-Grid) DNS servers before responding to a server-to-server transaction.
1 rule found Severity: Medium

The MQ Appliance messaging server must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

The WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

The Infoblox system must authenticate the other DNS server before responding to a server-to-server transaction.
1 rule found Severity: Medium

1 rule found Severity: Medium

The secondary Windows DNS name servers must cryptographically authenticate zone transfers from primary name servers.
2 rules found Severity: Medium

The Windows DNS primary server must only send zone transfers to a specific list of secondary name servers.
1 rule found Severity: Medium

The Windows 2012 DNS Server must provide its identity with returned DNS information by enabling DNSSEC and TSIG/SIG(0).
1 rule found Severity: Medium

The SEL-2740S must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

The Tanium endpoint must have the Tanium Server's public key in its installation, which will allow it to authenticate and uniquely identify all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

1 rule found Severity: Medium

The Ubuntu operating system must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.
2 rules found Severity: Medium

1 rule found Severity: Medium

The Red Hat Enterprise Linux operating system must be configured so that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required.
1 rule found Severity: Medium

The Red Hat Enterprise Linux operating system must disable the file system automounter unless required.
1 rule found Severity: Medium

The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required.
1 rule found Severity: Medium

The PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm.
2 rules found Severity: Medium

The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit.
1 rule found Severity: High

The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection.
2 rules found Severity: High

The Cisco PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm.
3 rules found Severity: Medium

The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets.
3 rules found Severity: Medium

The Cisco PE switch providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm.
3 rules found Severity: Medium

The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to authenticate all received MSDP packets.
2 rules found Severity: Medium

The Cisco ISE must authenticate all endpoint devices before establishing a connection and proceeding with posture assessment. This is required for compliance with C2C Step 4.
1 rule found Severity: Medium

The Cisco ISE must be configured to dynamically apply restricted access of endpoints that are granted access using MAC Authentication Bypass (MAB). This is required for compliance with C2C Step 4.
1 rule found Severity: Medium

The DNS server implementation must authenticate the other DNS server before responding to a server-to-server transaction.
1 rule found Severity: Medium

The F5 BIG-IP must be configured to identify and authenticate all endpoint devices or peers before establishing a connection.
1 rule found Severity: Medium

The Enterprise Voice, Video, and Messaging Session Manager must be configured to authenticate each Voice Video Endpoint device before registration.
1 rule found Severity: Medium

The Enterprise Voice, Video, and Messaging Session Manager must be configured to authenticate each Voice Video peer (trunk) before registration.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The Juniper EX switch must be configured to authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

The router providing MPLS L2VPN services must be configured to authenticate targeted LDP sessions used to exchange VC information using a FIPS-approved message authentication code algorithm.
1 rule found Severity: Medium

The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets.
2 rules found Severity: Medium

The layer 2 switch must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

1 rule found Severity: Medium

The Oracle Linux operating system must be configured so that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required.
1 rule found Severity: Medium

The Oracle Linux operating system must disable the graphical user interface automounter unless required.
1 rule found Severity: Medium

The Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets.
1 rule found Severity: Medium

AAA Services used for 802.1x must be configured to authenticate network endpoint devices (supplicants) before the authenticator establishes any connection.
1 rule found Severity: Medium

2 rules found Severity: Medium

The application must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function.
1 rule found Severity: Medium

AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.
1 rule found Severity: Medium

1 rule found Severity: Medium

The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection.
1 rule found Severity: High

Forescout must authenticate all endpoint devices before establishing a connection and proceeding with posture assessment. This is required for compliance with C2C Step 4.
1 rule found Severity: Medium

Forescout must be configured to apply dynamic ACLs that restrict the use of ports when non-entity endpoints are connected using MAC Authentication Bypass (MAB). This is required for compliance with C2C Step 4.
1 rule found Severity: Medium

Forescout switch module must only allow a maximum of one registered MAC address per access port. This is required for compliance with C2C Step 4.
1 rule found Severity: Medium

1 rule found Severity: Medium

AOS, when used as a VPN Gateway, must authenticate all network-connected endpoint devices before establishing a connection.
1 rule found Severity: Medium

The network element must authenticate all network-connected endpoint devices before establishing any connection.
1 rule found Severity: Medium

The Juniper PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function.
1 rule found Severity: Medium

RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

The VPN Gateway must authenticate all network-connected endpoint devices before establishing a connection.
1 rule found Severity: Medium
