Capacity
CCI-002422
Maintain the confidentiality and/or integrity of information during reception.
29
Rule
Severity: Medium
Install the OpenSSH Server Package
14
Rule
Severity: Medium
Enable the OpenSSH Service
3
Rule
Severity: Medium
Install the OpenSSH Client and Server Package
2
Rule
Severity: Medium
The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.
2
Rule
Severity: High
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: Medium
The application server must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
The application must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
The BlackBerry UEM server must connect to [assignment: [SQL Server]] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: High
A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and t must perform integrity verification and data origin verification for all DNS information.
2
Rule
Severity: Medium
The system storage used for data collection by the CA IDMS server must be protected.
2
Rule
Severity: Medium
The storage used for data collection by CA IDMS web services must be protected.
2
Rule
Severity: Medium
The storage used for data collection by CA IDMS Server and CA IDMS Web Services must be protected from online display and update.
1
Rule
Severity: Medium
Citrix License Server must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
XenDesktop License Server must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: High
Citrix Linux Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: High
Citrix Receiver must implement DoD-approved encryption.
1
Rule
Severity: Medium
Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials.
2
Rule
Severity: High
Citrix Windows Virtual Delivery Agent must implement DoD-approved encryption.
1
Rule
Severity: Medium
TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
3
Rule
Severity: Medium
The DNS server implementation must maintain the integrity of information during reception.
1
Rule
Severity: High
DoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.
1
Rule
Severity: Medium
The Infoblox DNS server implementation must maintain the integrity of information during reception.
1
Rule
Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
2
Rule
Severity: High
The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes.
1
Rule
Severity: Medium
DB2 must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
The WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
2
Rule
Severity: Medium
The ISEC7 EMM Suite must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
2
Rule
Severity: High
The Jamf Pro EMM server must connect to [Authentication Gateway Service (AGS)] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.
2
Rule
Severity: Medium
Azure SQL Database must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
The confidentiality and integrity of information managed by SQL Server must be maintained during reception.
1
Rule
Severity: Medium
Nutanix AOS must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
OHS must have the SSLFIPS directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the SSLSecureProxy directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WLSSLWallet directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLProxySSL directive enabled to maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: High
Innoslate must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
2
Rule
Severity: Medium
Any Tanium configured EMAIL RESULTS connectors must be configured to enable TLS/SSL to encrypt communications.
2
Rule
Severity: Medium
The Apache web server must use cryptography to protect the integrity of remote sessions.
1
Rule
Severity: High
The macOS system must disable the SSHD service.
1
Rule
Severity: Medium
The macOS system must enable SSH server for remote access sessions.
1
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
2
Rule
Severity: High
The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
4
Rule
Severity: Medium
PostgreSQL must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
The container platform must maintain the confidentiality and integrity of information during reception.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
The DBMS must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
The operating system must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
2
Rule
Severity: High
SSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.
2
Rule
Severity: High
The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.
2
Rule
Severity: Medium
AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
4
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: Medium
IBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.
2
Rule
Severity: Medium
IBM z/OS TELNETPARMS or TELNETGLOBALS must specify a SECUREPORT statement for systems requiring confidentiality and integrity.
2
Rule
Severity: Medium
MariaDB must maintain the confidentiality and integrity of information during reception.
3
Rule
Severity: Medium
MongoDB must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
Protection methods such as TLS, encrypted VPNs, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
2
Rule
Severity: Medium
Windows Server 2019 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
2
Rule
Severity: Medium
Windows Server 2022 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that all networked systems have SSH installed.
2
Rule
Severity: Medium
All OL 8 networked systems must have SSH installed.
2
Rule
Severity: Medium
All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
2
Rule
Severity: Medium
Automation Controller must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
2
Rule
Severity: Medium
Redis Enterprise DBMS must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have SSH installed.
2
Rule
Severity: Medium
All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
4
Rule
Severity: High
All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
2
Rule
Severity: Medium
RHEL 9 must implement DOD-approved encryption in the bind package.
2
Rule
Severity: Medium
The VMM must maintain the confidentiality and integrity of information during reception.
1
Rule
Severity: Medium
VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.
3
Rule
Severity: High
The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.
1
Rule
Severity: Medium
The Photon operating system must use an OpenSSH server version that does not support protocol 1.
1
Rule
Severity: High
VMware Postgres must be configured to use Transport Layer Security (TLS).
1
Rule
Severity: Medium
Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections.
3
Rule
Severity: High
The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
2
Rule
Severity: Medium
The vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
2
Rule
Severity: Medium
The web server must maintain the confidentiality and integrity of information during reception.
2
Rule
Severity: Medium
The Windows DNS Server must maintain the integrity of information during reception.
1
Rule
Severity: High
Ubuntu 22.04 LTS must have SSH installed.
1
Rule
Severity: High
Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
The ISEC7 SPHERE must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.
1
Rule
Severity: High
FIPS mode must be enabled.
1
Rule
Severity: High
Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.
1
Rule
Severity: High
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1
Rule
Severity: High
SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.
1
Rule
Severity: Medium
All TOSS networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
1
Rule
Severity: Medium
The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions.
1
Rule
Severity: Medium
The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules