CCI-002418
Protect the confidentiality and/or integrity of transmitted information.
1 rule found Severity: High
The BlackBerry UEM server must connect to [assignment: [SQL Server]] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
2 rules found Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
2 rules found Severity: Medium
1 rule found Severity: Medium
XenDesktop License Server must protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: Medium
2 rules found Severity: High
TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
1 rule found Severity: Medium
DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1 rule found Severity: High
1 rule found Severity: Medium
The MQ Appliance messaging server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
The MQ Appliance messaging server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
1 rule found Severity: Medium
The WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
1 rule found Severity: Medium
The WebSphere Application Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The ISEC7 EMM Suite must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
OHS must have the LoadModule ossl_module directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: High
OHS must have the SSLFIPS directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: High
OHS must have the SSLEngine, SSLProtocol, SSLWallet directives enabled and configured to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: High
OHS must have the SSLCipherSuite directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: High
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the SecureProxy directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: Medium
OHS must have the WLSSLWallet directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WebLogicSSLVersion directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLProxySSL directive enabled to prevent unauthorized disclosure of information during transmission.
1 rule found Severity: Medium
OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
OHS must have the SSLFIPS directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
The Tanium Server must protect the confidentiality and integrity of transmitted information with cryptographic signing capabilities enabled to ensure the authenticity of communications sessions when making requests from Tanium Clients.
1 rule found Severity: Medium
The Tanium application, SQL and Module servers must all be configured to communicate using TLS 1.2 Strict Only.
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Low
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
1 rule found Severity: High
2 rules found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all wireless network adapters are disabled.
1 rule found Severity: Medium
The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit.
1 rule found Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation.
1 rule found Severity: Medium
1 rule found Severity: High
The Enterprise Voice, Video, and Messaging Endpoint must be configured to use FIPS-compliant algorithms for network traffic.
1 rule found Severity: High
The Enterprise Voice, Video, and Messaging Session Manager must be configured to protect the confidentiality and integrity of transmitted configuration files, signaling, and media streams.
1 rule found Severity: High
The F5 BIG-IP appliance IPsec VPN Gateway must specify Perfect Forward Secrecy (PFS) during Internet Key Exchange (IKE) negotiation.
1 rule found Severity: Medium
SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium
SSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.
1 rule found Severity: High
The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
1 rule found Severity: High
The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes.
1 rule found Severity: High
AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
1 rule found Severity: Medium
The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
The ISEC7 SPHERE must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
1 rule found Severity: Medium
1 rule found Severity: Medium
The Jamf Pro EMM server must connect to [Authentication Gateway Service (AGS)] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
1 rule found Severity: High
The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version.
1 rule found Severity: Medium
Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data.
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
2 rules found Severity: Medium
The setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
1 rule found Severity: Medium
The setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
1 rule found Severity: Medium
The setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
1 rule found Severity: Medium
1 rule found Severity: Medium
The setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
The setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
1 rule found Severity: Medium
The setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
The setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
1 rule found Severity: Medium
1 rule found Severity: High
Tunneling of classified traffic across an unclassified IP transport network or service provider backbone must be documented in the enclaves security authorization package and an Approval to Connect (ATC), or an Interim ATC must be issued by DISA prior to implementation.
1 rule found Severity: High
DSAWG approval must be obtained before tunneling classified traffic outside the components local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area network transport infrastructure.
1 rule found Severity: High
Tunneling of classified traffic across an unclassified IP transport network must employ cryptographic algorithms in accordance with CNSS Policy No. 15.
1 rule found Severity: High
The Oracle Linux operating system must be configured so that all networked systems have SSH installed.
1 rule found Severity: Medium
The Oracle Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
1 rule found Severity: Medium
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
1 rule found Severity: High
Cookies exchanged between any Automation Controller NGINX web server and any client, such as session cookies, must have security settings that disallow cookie access outside the originating Automation Controller NGINX web server and hosted application.
1 rule found Severity: Medium
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1 rule found Severity: High
Automation Controller NGINX web servers must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
SLEM 5 must have SSH installed to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
1 rule found Severity: High
1 rule found Severity: Medium
Splunk Enterprise must use SSL to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
Splunk Enterprise must be configured to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
The Tanium Application, SQL, and Module servers must all be configured to communicate using TLS 1.2 Strict Only.
1 rule found Severity: High
All TOSS networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1 rule found Severity: Medium
1 rule found Severity: Medium
The web server must employ cryptographic mechanisms (TLS/DTLS/SSL) preventing the unauthorized disclosure of information during transmission.
1 rule found Severity: High
Web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
1 rule found Severity: Medium
Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.
1 rule found Severity: Medium
Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
1 rule found Severity: Medium
A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: Medium
The web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
1 rule found Severity: Medium
A VPN must be used to protect directory network traffic for directory service implementation spanning enclave boundaries.
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: High
1 rule found Severity: Medium
Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.
2 rules found Severity: Medium
The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: Medium
The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
1 rule found Severity: Medium
The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
2 rules found Severity: Medium
Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies.
1 rule found Severity: Medium
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
1 rule found Severity: High
2 rules found Severity: High
The application server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
1 rule found Severity: High
The application server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
3 rules found Severity: High
Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
The Central Log Server must be configured to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
1 rule found Severity: High
1 rule found Severity: High
The operating system must protect the confidentiality and integrity of communications with wireless peripherals.
1 rule found Severity: High
AOS, when used as an IPsec VPN Gateway, must specify Perfect Forward Secrecy (PFS) during Internet Key Exchange (IKE) negotiation.
1 rule found Severity: High
AOS, when used as an IPsec VPN Gateway, must use Advanced Encryption Standard (AES) encryption for the Internet Key Exchange (IKE) proposal to protect confidentiality of remote access sessions.
1 rule found Severity: High
IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2 rules found Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
1 rule found Severity: Medium
Windows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2019 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2019 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2019 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2019 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
1 rule found Severity: Medium
1 rule found Severity: Medium
Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
1 rule found Severity: Medium
Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
1 rule found Severity: Medium
OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
1 rule found Severity: High
1 rule found Severity: High
1 rule found Severity: Medium
All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1 rule found Severity: Medium
All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1 rule found Severity: Medium
1 rule found Severity: Medium
All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1 rule found Severity: Medium
The SUSE operating system wireless network adapters must be disabled unless approved and documented.
2 rules found Severity: Medium
All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
2 rules found Severity: High
2 rules found Severity: Medium
3 rules found Severity: Medium
The UEM server must connect to [assignment: [list of applications]] and managed mobile devices with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
1 rule found Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.
3 rules found Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic.
1 rule found Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.
3 rules found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: Medium
1 rule found Severity: Medium
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic.
2 rules found Severity: Medium
1 rule found Severity: Low
1 rule found Severity: Medium
1 rule found Severity: Medium
The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
1 rule found Severity: High
The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
2 rules found Severity: High
The IPsec VPN Gateway must specify Perfect Forward Secrecy (PFS) during Internet Key Exchange (IKE) negotiation.
1 rule found Severity: High
The VPN Gateway and Client must be configured to protect the confidentiality and integrity of transmitted information.
1 rule found Severity: High
1 rule found Severity: Medium
The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
1 rule found Severity: Medium
1 rule found Severity: Medium