Capacity
CCI-002475
Implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information when at rest on organization-defined system components.
17
Rule
Severity: High
Encrypt Partitions
2
Rule
Severity: Medium
The application server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: Medium
The application must implement approved cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized modification of DNS zone data.
1
Rule
Severity: Low
The storage system must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of all information at rest on all storage system components.
1
Rule
Severity: Medium
IBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: Medium
IBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store group content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store node content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store user content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text.
1
Rule
Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
2
Rule
Severity: High
The WebSphere Liberty Server must store only encrypted representations of user passwords.
1
Rule
Severity: Medium
DB2 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
2
Rule
Severity: Medium
The WebSphere Liberty Server LTPA keys password must be changed.
1
Rule
Severity: Low
The WebSphere Application Server must not generate LTPA keys automatically.
1
Rule
Severity: Low
The WebSphere Application Server must periodically regenerate LTPA keys.
1
Rule
Severity: Medium
The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized modification of all information not cleared for public release at rest on system components outside of organization facilities.
1
Rule
Severity: Medium
Azure SQL Database must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
SQL Server must implement and/or support cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
The Windows 2012 DNS Server must not contain zone records that have not been validated in over a year.
1
Rule
Severity: High
Nutanix AOS must protect the confidentiality and integrity of all information at rest.
2
Rule
Severity: High
Tomcat must use FIPS-validated ciphers on secured connectors.
1
Rule
Severity: Medium
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
3
Rule
Severity: High
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
3
Rule
Severity: High
The macOS system must enforce FileVault.
1
Rule
Severity: Medium
Ubuntu operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
4
Rule
Severity: Medium
PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
The DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
2
Rule
Severity: High
The operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all operating system components.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to implement cryptographic mechanisms to prevent the unauthorized modification or disclosure of all information at rest on all operating system components.
2
Rule
Severity: Medium
AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required.
1
Rule
Severity: Medium
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: Medium
MarkLogic Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
MariaDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
3
Rule
Severity: Medium
MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
SQL Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
Windows 10 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: Medium
Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.
1
Rule
Severity: Medium
Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: Medium
The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
2
Rule
Severity: High
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
1
Rule
Severity: Medium
Redis Enterprise DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: Medium
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
2
Rule
Severity: High
RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: Medium
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
4
Rule
Severity: Low
The operating system must employ cryptographic mechanisms to protect information in storage.
4
Rule
Severity: Low
The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.
2
Rule
Severity: Medium
The VMM must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all VMM components.
1
Rule
Severity: High
The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance levels must be verified.
3
Rule
Severity: Medium
The vCenter Server must enable data at rest encryption for vSAN.
2
Rule
Severity: Medium
The Windows DNS Server must only contain zone records that have been validated annually.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest.
1
Rule
Severity: Medium
Ubuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
For storage service offerings, the Mission Owner must configure or ensure the cloud instance uses encryption to protect all DOD files housed in the cloud instance.
1
Rule
Severity: High
The DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized modification of DNS zone data.
1
Rule
Severity: High
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: High
The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized modification of all information not cleared for public release at rest on system components outside of organization facilities.
1
Rule
Severity: High
MariaDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
MarkLogic Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
Azure SQL Database must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
SQL Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: High
Windows 10 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: High
Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: High
Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.
1
Rule
Severity: High
Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: High
The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
Redis Enterprise DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1
Rule
Severity: High
All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: High
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: High
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: Medium
All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules