CCI-002475
Implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information when at rest on organization-defined system components.
The storage system must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of all information at rest on all storage system components.
1 rule found Severity: Low
IBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: Medium
IBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store group content-protection secrets in plain text.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store node content-protection secrets in plain text.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store user content-protection secrets in plain text.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text.
1 rule found Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text.
1 rule found Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
1 rule found Severity: Medium
DB2 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: Medium
1 rule found Severity: Low
SQL Server must implement and/or support cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: Medium
The Windows 2012 DNS Server must not contain zone records that have not been validated in over a year.
1 rule found Severity: Medium
1 rule found Severity: High
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
1 rule found Severity: Medium
Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1 rule found Severity: Medium
MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
3 rules found Severity: Medium
PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
3 rules found Severity: Medium
The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
2 rules found Severity: Medium
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
1 rule found Severity: High
Ubuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1 rule found Severity: Medium
The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized modification of DNS zone data.
1 rule found Severity: High
The HPE 3PAR OS must be configured to implement cryptographic mechanisms to prevent the unauthorized modification or disclosure of all information at rest on all operating system components.
1 rule found Severity: Medium
1 rule found Severity: High
1 rule found Severity: Medium
MarkLogic Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
Azure SQL Database must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1 rule found Severity: High
Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1 rule found Severity: High
1 rule found Severity: Medium
The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
1 rule found Severity: High
Redis Enterprise DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1 rule found Severity: High
All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: Medium
1 rule found Severity: High
The application server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.
1 rule found Severity: Medium
The application must implement approved cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest.
1 rule found Severity: Medium
For storage service offerings, the Mission Owner must configure or ensure the cloud instance uses encryption to protect all DOD files housed in the cloud instance.
1 rule found Severity: High
AlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: High
The DBMS must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
The operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all operating system components.
1 rule found Severity: High
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1 rule found Severity: High
The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized modification of all information not cleared for public release at rest on system components outside of organization facilities.
1 rule found Severity: High
MariaDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
SQL Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
1 rule found Severity: High
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1 rule found Severity: High
1 rule found Severity: High
Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.
1 rule found Severity: High
Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1 rule found Severity: High
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1 rule found Severity: High
All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1 rule found Severity: High
RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: High
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1 rule found Severity: High
All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1 rule found Severity: High
2 rules found Severity: Low
The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.
2 rules found Severity: Low
The VMM must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all VMM components.
1 rule found Severity: Medium
1 rule found Severity: High