CCI-002314
Employ automated mechanisms to control remote access methods.
Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems
1 rule found Severity: Medium

The CA API Gateway providing intermediary services for remote access communications traffic must control remote access methods.
1 rule found Severity: Medium

DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1 rule found Severity: High

1 rule found Severity: High

The WebSphere Application Server users in a local user registry group must be authorized for that group.
1 rule found Severity: Medium

Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.
1 rule found Severity: Medium

OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.
1 rule found Severity: Medium

OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.
1 rule found Severity: Medium

OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.
1 rule found Severity: Medium

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a pre-shared key.
7 rules found Severity: Medium

Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
2 rules found Severity: Medium

The Ubuntu operating system must have an application firewall installed in order to control remote access methods.
2 rules found Severity: Medium

2 rules found Severity: Medium

The Red Hat Enterprise Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments.
1 rule found Severity: Medium

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.
2 rules found Severity: Medium

1 rule found Severity: Medium

The BIG-IP Core implementation providing intermediary services for remote access communications traffic must control remote access methods to virtual servers.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
1 rule found Severity: High

The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.
1 rule found Severity: Low

1 rule found Severity: Medium

The "Deny log on through Remote Desktop Services" user right on Windows 11 workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.
1 rule found Severity: Medium

The Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access.
1 rule found Severity: Medium

The "Deny log on through Remote Desktop Services" user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
1 rule found Severity: Medium

The Oracle Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments.
1 rule found Severity: Medium

SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
1 rule found Severity: Medium

Remote access to the web server must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.
1 rule found Severity: Medium

1 rule found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

The ALG providing intermediary services for remote access communications traffic must control remote access methods.
1 rule found Severity: Medium

Ubuntu 22.04 LTS must have an application firewall installed in order to control remote access methods.
1 rule found Severity: Medium

1 rule found Severity: Medium

Google Android 15 must be configured to enable authentication of personal hotspot connections to the device using a preshared key.
2 rules found Severity: Medium

IBM z/OS must be configured to restrict all TCP/IP ports to ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments.
2 rules found Severity: Medium

IBM z/OS must be configured to restrict all TCP/IP ports to ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments.
1 rule found Severity: Medium

Windows Server 2019 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access.
1 rule found Severity: Medium

Windows Server 2019 "Deny log on through Remote Desktop Services" user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems.
1 rule found Severity: Medium

The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.
1 rule found Severity: Medium

Windows Server 2022 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access.
1 rule found Severity: Medium

Windows Server 2022 Deny log on through Remote Desktop Services user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems.
1 rule found Severity: Medium

The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must control remote access methods (inspect and filter traffic).
1 rule found Severity: Medium

An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.
1 rule found Severity: Medium

A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.
1 rule found Severity: Medium

The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
2 rules found Severity: Medium

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key. - Disallow config tethering.
1 rule found Severity: Medium

The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH).
3 rules found Severity: Medium

1 rule found Severity: Medium

The VPN Gateway must be configured to perform an organization-defined action if the audit reveals unauthorized activity.
1 rule found Severity: Medium

Zebra Android 13 must be configured to enable authentication of personal hotspot connections to the device using a pre-shared key.
2 rules found Severity: Medium
