Capacity
CCI-002420
Maintain the confidentiality and/or integrity of information during preparation for transmission.
29
Rule
Severity: Medium
Install the OpenSSH Server Package
14
Rule
Severity: Medium
Enable the OpenSSH Service
3
Rule
Severity: Medium
Install the OpenSSH Client and Server Package
2
Rule
Severity: High
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: Medium
The application server must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The application must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The application must not disclose unnecessary information to users.
2
Rule
Severity: High
The application must not store sensitive information in hidden fields.
1
Rule
Severity: Medium
The BlackBerry UEM server must connect to [assignment: [SQL Server]] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use, and it must perform integrity verification and data origin verification for all DNS information.
2
Rule
Severity: Medium
The system storage used for data collection by the CA IDMS server must be protected.
2
Rule
Severity: Medium
The cache table procedures and views used for performance enhancements for dynamic SQL must be protected.
2
Rule
Severity: Medium
The storage used for data collection by CA IDMS web services must be protected.
2
Rule
Severity: Medium
The storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.
1
Rule
Severity: High
Citrix Linux Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: High
Citrix Receiver must implement DoD-approved encryption.
2
Rule
Severity: High
Citrix Windows Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: Medium
TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
3
Rule
Severity: Medium
The DNS server implementation must maintain the integrity of information during preparation for transmission.
1
Rule
Severity: High
DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1
Rule
Severity: Medium
The Infoblox DNS server implementation must maintain the integrity of information during preparation for transmission.
1
Rule
Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
1
Rule
Severity: Medium
DB2 must maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
The WebSphere Application Server distribution and consistency services (DCS) transport links must be encrypted.
2
Rule
Severity: Medium
The ISEC7 EMM Suite must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
2
Rule
Severity: High
The Jamf Pro EMM server must connect to [Authentication Gateway Service (AGS)] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
Azure SQL Database must maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: High
SharePoint must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. When transmitting data, applications need to leverage transmission protection mechanisms such as TLS, SSL VPNs, or IPSec.
1
Rule
Severity: Medium
The confidentiality and integrity of information managed by SQL Server must be maintained during preparation for transmission.
1
Rule
Severity: Medium
The Windows 2012 DNS Server must maintain the integrity of information during reception.
1
Rule
Severity: Medium
Nutanix AOS must maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
OHS must have the SSLFIPS directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the SecureProxy directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WLSSLWallet directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLSProxySSL directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Low
Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment.
1
Rule
Severity: Medium
The Tanium Server must protect the confidentiality and integrity of transmitted information with cryptographic signing capabilities enabled to ensure the authenticity of communications sessions when making requests from Tanium Clients.
1
Rule
Severity: Medium
The Tanium Server must protect the confidentiality and integrity of transmitted information, in preparation to be transmitted and data at rest, with cryptographic signing capabilities enabled to protect the authenticity of communications sessions when making requests from Tanium Clients.
1
Rule
Severity: High
The macOS system must disable the SSHD service.
1
Rule
Severity: Medium
The macOS system must enable SSH server for remote access sessions.
1
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
2
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
4
Rule
Severity: Medium
PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The container platform must maintain the confidentiality and integrity of information during preparation for transmission.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The DBMS must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The operating system must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
2
Rule
Severity: High
SSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.
2
Rule
Severity: High
The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
2
Rule
Severity: Medium
AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
4
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: Medium
IBM z/OS TELNETPARMS or TELNETGLOBALS must specify a SECUREPORT statement for systems requiring confidentiality and integrity.
1
Rule
Severity: Medium
The IBM z/OS systems requiring data-at-rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: Medium
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
2
Rule
Severity: Medium
MariaDB must maintain the confidentiality and integrity of information during preparation for transmission.
3
Rule
Severity: Medium
MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.
2
Rule
Severity: Medium
Protection methods such as TLS, encrypted VPNs, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
2
Rule
Severity: Medium
Windows Server 2019 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
2
Rule
Severity: Medium
Windows Server 2022 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
1
Rule
Severity: High
The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all networked systems have SSH installed.
2
Rule
Severity: Medium
All OL 8 networked systems must have SSH installed.
2
Rule
Severity: Medium
All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
Automation Controller must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
2
Rule
Severity: Medium
Redis Enterprise DBMS must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The Automation Controller NGINX web servers must maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have SSH installed.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
4
Rule
Severity: High
All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
4
Rule
Severity: Medium
The operating system must maintain the integrity of information during aggregation, packaging, and transformation in preparation for transmission.
4
Rule
Severity: Medium
The operating system must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission.
2
Rule
Severity: Medium
The VMM must maintain the confidentiality and integrity of information during preparation for transmission.
1
Rule
Severity: High
The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints.
3
Rule
Severity: High
The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.
1
Rule
Severity: Medium
The Photon operating system must use an OpenSSH server version that does not support protocol 1.
1
Rule
Severity: Medium
Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.
3
Rule
Severity: High
The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
2
Rule
Severity: Medium
The vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
2
Rule
Severity: Medium
The web server must maintain the confidentiality and integrity of information during preparation for transmission.
2
Rule
Severity: Medium
The Windows DNS Server must maintain the integrity of information during preparation for transmission.
1
Rule
Severity: High
Ubuntu 22.04 LTS must have SSH installed.
1
Rule
Severity: High
Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The ISEC7 SPHERE must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
1
Rule
Severity: High
The IBM z/OS systems requiring data-at-rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: High
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: High
FIPS mode must be enabled.
1
Rule
Severity: High
Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.
1
Rule
Severity: High
SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
All TOSS networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1
Rule
Severity: Medium
The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions.
1
Rule
Severity: Medium
The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.