Capacity
CCI-002418
Protect the confidentiality and/or integrity of transmitted information.
22
Rule
Severity: Medium
Deactivate Wireless Network Interfaces
29
Rule
Severity: Medium
Install the OpenSSH Server Package
13
Rule
Severity: Medium
Disable Bluetooth Kernel Module
14
Rule
Severity: Medium
Enable the OpenSSH Service
9
Rule
Severity: High
Set kernel parameter 'crypto.fips_enabled' to 1
7
Rule
Severity: High
Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config
3
Rule
Severity: Medium
Install the OpenSSH Client and Server Package
2
Rule
Severity: Medium
A VPN must be used to protect directory network traffic for directory service implementation spanning enclave boundaries.
2
Rule
Severity: Medium
The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
4
Rule
Severity: Medium
The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
4
Rule
Severity: Medium
Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.
2
Rule
Severity: Medium
Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
2
Rule
Severity: High
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: High
The application server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
2
Rule
Severity: High
The application server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
6
Rule
Severity: High
The application must protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The BlackBerry UEM server must connect to [assignment: [SQL Server]] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
2
Rule
Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit.
2
Rule
Severity: High
The Central Log Server must be configured to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
Citrix License Server must protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
XenDesktop License Server must protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: High
Citrix Linux Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: High
Citrix Receiver must implement DoD-approved encryption.
1
Rule
Severity: Medium
Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials.
2
Rule
Severity: High
Citrix Windows Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: Medium
TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
2
Rule
Severity: High
The DNS server implementation must protect the integrity of transmitted information.
1
Rule
Severity: High
The CIM service must use DoD-approved encryption.
1
Rule
Severity: High
DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1
Rule
Severity: Medium
The Infoblox DNS server must protect the integrity of transmitted information.
1
Rule
Severity: Medium
The MQ Appliance messaging server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The MQ Appliance messaging server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
2
Rule
Severity: High
The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes.
2
Rule
Severity: Medium
The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
1
Rule
Severity: Medium
The WebSphere Application Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The Infoblox system must be configured to must protect the integrity of transmitted information.
2
Rule
Severity: Medium
The ISEC7 EMM Suite must configure Enable HTTPS to use HTTP over SSL in Apache Tomcat.
3
Rule
Severity: Medium
SSL must be enabled on Apache Tomcat.
2
Rule
Severity: Medium
Tomcat SSL must be restricted except for ISEC7 EMM Suite tasks.
2
Rule
Severity: Medium
The ISEC7 EMM Suite must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
2
Rule
Severity: High
The Jamf Pro EMM server must connect to [Authentication Gateway Service (AGS)] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
JBoss must be configured to use an approved TLS version.
1
Rule
Severity: High
Exchange OWA must use https.
4
Rule
Severity: High
Exchange must provide redundancy.
4
Rule
Severity: High
Exchange internal Receive connectors must require encryption.
4
Rule
Severity: High
Exchange internal Send connectors must require encryption.
2
Rule
Severity: Medium
Plain Text Options for outbound email must be configured.
1
Rule
Severity: Medium
The Windows 2012 DNS Server must protect the integrity of transmitted information.
1
Rule
Severity: Medium
Nutanix AOS must protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: High
OHS must have the LoadModule ossl_module directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: High
OHS must have the SSLFIPS directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: High
OHS must have the SSLEngine, SSLProtocol, SSLWallet directives enabled and configured to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: High
OHS must have the SSLCipherSuite directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the SecureProxy directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
OHS must have the WLSSLWallet directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WebLogicSSLVersion directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLProxySSL directive enabled to prevent unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1
Rule
Severity: Medium
OHS must have the SSLFIPS directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1
Rule
Severity: Medium
OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1
Rule
Severity: Medium
OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: High
Prisma Cloud Compute must protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
Splunk Enterprise must use SSL to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The Tanium Server must protect the confidentiality and integrity of transmitted information with cryptographic signing capabilities enabled to ensure the authenticity of communications sessions when making requests from Tanium Clients.
37
Rule
Severity: Medium
Tanium must be configured to communicate using TLS 1.2 Strict Only.
1
Rule
Severity: Medium
The Tanium application, SQL and Module servers must all be configured to communicate using TLS 1.2 Strict Only.
2
Rule
Severity: Medium
The Tanium application must be configured to communicate using TLS 1.2 Strict Only.
2
Rule
Severity: High
The Tanium Application, SQL, and Module servers must all be configured to communicate using TLS 1.2 Strict Only.
2
Rule
Severity: High
The SchUseStrongCrypto registry value must be set.
2
Rule
Severity: High
The SSLCipherSuite registry value must be set.
2
Rule
Severity: High
The UEM server must connect to [assignment: [list of applications]] and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
The IPsec VPN Gateway must specify Perfect Forward Secrecy (PFS) during Internet Key Exchange (IKE) negotiation.
2
Rule
Severity: High
The VPN Gateway and Client must be configured to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
The Apache web server must use cryptography to protect the integrity of remote sessions.
2
Rule
Severity: Medium
The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
TLS 1.2 must be used on secured HTTP connectors.
2
Rule
Severity: High
Tomcat must use FIPS-validated ciphers on secured connectors.
1
Rule
Severity: High
The macOS system must disable the SSHD service.
4
Rule
Severity: Low
The macOS system must be configured with Bluetooth turned off unless approved by the organization.
3
Rule
Severity: High
The macOS system must disable Bluetooth when no approved device is connected.
1
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
3
Rule
Severity: Medium
The Ubuntu operating system must disable all wireless network adapters.
2
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation.
2
Rule
Severity: High
The operating system must protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
The operating system must protect the confidentiality and integrity of communications with wireless peripherals.
2
Rule
Severity: Medium
SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
2
Rule
Severity: High
SSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.
2
Rule
Severity: High
The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
2
Rule
Severity: Medium
AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
4
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: High
The ICS must be configured to use TLS 1.2, at a minimum.
2
Rule
Severity: Medium
IIS 10.0 website session IDs must be sent to the client using TLS.
2
Rule
Severity: Medium
Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data.
2
Rule
Severity: Medium
IIS 10.0 web server session IDs must be sent to the client using TLS.
2
Rule
Severity: High
An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
2
Rule
Severity: Medium
The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
4
Rule
Severity: Medium
Outgoing secure channel traffic must be encrypted or signed.
2
Rule
Severity: Medium
Outgoing secure channel traffic must be encrypted when possible.
2
Rule
Severity: Medium
Outgoing secure channel traffic must be signed when possible.
4
Rule
Severity: Medium
The system must be configured to require a strong session key.
4
Rule
Severity: Medium
The Windows SMB client must be configured to always perform SMB packet signing.
4
Rule
Severity: Medium
The Windows SMB server must be configured to always perform SMB packet signing.
2
Rule
Severity: Medium
Simultaneous connections to the internet or a Windows domain must be limited.
2
Rule
Severity: Medium
Outgoing secure channel traffic must be encrypted.
2
Rule
Severity: Medium
Outgoing secure channel traffic must be signed.
2
Rule
Severity: Medium
Domain controllers must require LDAP access signing.
2
Rule
Severity: Medium
The setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
2
Rule
Severity: Medium
The setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
2
Rule
Severity: Medium
The setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to require a strong session key.
2
Rule
Severity: Medium
The setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
The setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
2
Rule
Severity: Medium
The setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
The setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 domain controllers must require LDAP access signing.
2
Rule
Severity: Medium
Windows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
2
Rule
Severity: Medium
Windows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to require a strong session key.
2
Rule
Severity: Medium
Windows Server 2019 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2019 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 domain controllers must require LDAP access signing.
2
Rule
Severity: Medium
Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to require a strong session key.
2
Rule
Severity: Medium
Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
2
Rule
Severity: Medium
Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
2
Rule
Severity: High
Tunneling of classified traffic across an unclassified IP transport network or service provider backbone must be documented in the enclaves security authorization package and an Approval to Connect (ATC), or an Interim ATC must be issued by DISA prior to implementation.
2
Rule
Severity: High
DSAWG approval must be obtained before tunneling classified traffic outside the components local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area network transport infrastructure.
2
Rule
Severity: High
Tunneling of classified traffic across an unclassified IP transport network must employ cryptographic algorithms in accordance with CNSS Policy No. 15.
2
Rule
Severity: High
OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all networked systems have SSH installed.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
2
Rule
Severity: Medium
OL 8 wireless network adapters must be disabled.
2
Rule
Severity: Medium
OL 8 Bluetooth must be disabled.
2
Rule
Severity: Medium
All OL 8 networked systems must have SSH installed.
2
Rule
Severity: Medium
All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
2
Rule
Severity: High
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
2
Rule
Severity: Medium
OpenShift must protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
1
Rule
Severity: Medium
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
2
Rule
Severity: Medium
Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
2
Rule
Severity: Medium
All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all wireless network adapters are disabled.
2
Rule
Severity: Medium
All RHEL 8 networked systems must have SSH installed.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have SSH installed.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
4
Rule
Severity: High
All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
4
Rule
Severity: Medium
The SUSE operating system wireless network adapters must be disabled unless approved and documented.
2
Rule
Severity: Medium
RHEL 9 must force a frequent session key renegotiation for SSH connections to the server.
2
Rule
Severity: Medium
RHEL 9 wireless network adapters must be disabled.
2
Rule
Severity: High
RHEL 9 must enable FIPS mode.
2
Rule
Severity: High
RHEL 9 must implement DOD-approved TLS encryption in the GnuTLS package.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved encryption in the bind package.
4
Rule
Severity: Medium
Wireless network adapters must be disabled.
4
Rule
Severity: Medium
The operating system must protect the confidentiality of transmitted information.
6
Rule
Severity: Medium
The operating system must protect the integrity of transmitted information.
2
Rule
Severity: High
Splunk Enterprise must be configured to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
The VMM must protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
The VMM must protect the confidentiality and integrity of communications with wireless peripherals.
4
Rule
Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.
1
Rule
Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic.
4
Rule
Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.
1
Rule
Severity: High
VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
1
Rule
Severity: Medium
VAMI must use cryptography to protect the integrity of remote sessions.
1
Rule
Severity: Medium
VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.
1
Rule
Severity: Medium
Performance Charts must protect cookies from cross-site scripting (XSS).
1
Rule
Severity: Medium
Performance Charts must set the secure flag for cookies.
1
Rule
Severity: Medium
ESX Agent Manager must protect cookies from cross-site scripting (XSS).
1
Rule
Severity: Medium
Lookup Service must protect cookies from cross-site scripting (XSS).
1
Rule
Severity: Medium
Lookup Service must set the secure flag for cookies.
3
Rule
Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic.
1
Rule
Severity: Low
The Photon operating system must configure sshd to use approved encryption algorithms.
1
Rule
Severity: Medium
Envoy must be configured to operate in FIPS mode.
1
Rule
Severity: Medium
Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.
1
Rule
Severity: Medium
The Security Token Service must protect cookies from cross-site scripting (XSS).
1
Rule
Severity: Medium
The Security Token Service must set the secure flag for cookies.
1
Rule
Severity: Medium
vSphere UI must protect cookies from cross-site scripting (XSS).
1
Rule
Severity: Medium
vSphere UI must set the secure flag for cookies.
3
Rule
Severity: High
The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
2
Rule
Severity: Medium
The vCenter STS service must be configured to use strong encryption ciphers.
2
Rule
Severity: High
The vCenter VAMI service must enable FIPS mode.
2
Rule
Severity: High
The web server must employ cryptographic mechanisms (TLS/DTLS/SSL) preventing the unauthorized disclosure of information during transmission.
2
Rule
Severity: Medium
Web server session IDs must be sent to the client using SSL/TLS.
2
Rule
Severity: Medium
Web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
2
Rule
Severity: Medium
Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.
2
Rule
Severity: Medium
Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
2
Rule
Severity: Medium
A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: Medium
The web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
The Windows DNS Server must protect the integrity of transmitted information.
1
Rule
Severity: High
Ubuntu 22.04 LTS must have SSH installed.
1
Rule
Severity: High
Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must disable all wireless network adapters.
1
Rule
Severity: High
The Enterprise Voice, Video, and Messaging Endpoint must be configured to use FIPS-compliant algorithms for network traffic.
1
Rule
Severity: High
The Enterprise Voice, Video, and Messaging Session Manager must be configured to protect the confidentiality and integrity of transmitted configuration files, signaling, and media streams.
1
Rule
Severity: Medium
The F5 BIG-IP appliance IPsec VPN Gateway must specify Perfect Forward Secrecy (PFS) during Internet Key Exchange (IKE) negotiation.
1
Rule
Severity: Medium
The ISEC7 SPHERE must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
1
Rule
Severity: Medium
The ISEC7 SPHERE must configure Enable HTTPS to use HTTP over SSL in Apache Tomcat.
1
Rule
Severity: Medium
Tomcat SSL must be restricted except for ISEC7 SPHERE tasks.
1
Rule
Severity: High
FIPS mode must be enabled.
1
Rule
Severity: High
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1
Rule
Severity: High
SLEM 5 must have SSH installed to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: High
SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
SLEM 5 wireless network adapters must be disabled unless approved and documented.
1
Rule
Severity: Medium
All TOSS networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1
Rule
Severity: Medium
TOSS must protect wireless access to the system using authentication of users and/or devices.
1
Rule
Severity: Medium
The web server must use HTTP/2, at a minimum.
1
Rule
Severity: Medium
The web server must disable HTTP/1.x downgrading.
1
Rule
Severity: Medium
The web server must only use forward proxies that route HTTP/2 requests upstream.
1
Rule
Severity: Medium
The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules