Capacity
CCI-002476
Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components.
5
Rule
Severity: High
Enable FIPS Mode in GRUB2
17
Rule
Severity: High
Encrypt Partitions
2
Rule
Severity: High
An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version.
2
Rule
Severity: Medium
The application must implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: Medium
The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy.
1
Rule
Severity: Medium
CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.
1
Rule
Severity: Medium
The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized disclosure of non-DNS data stored on the DNS server.
1
Rule
Severity: Low
The storage system must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of all information at rest on all storage system components.
1
Rule
Severity: Medium
IBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: Medium
IBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store group content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store node content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Endpoint must not store user content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR).
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text.
1
Rule
Severity: Medium
The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text.
1
Rule
Severity: Medium
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
2
Rule
Severity: High
The WebSphere Liberty Server must store only encrypted representations of user passwords.
1
Rule
Severity: Medium
DB2 must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized disclosure of all information not cleared for public release at rest on system components outside of organization facilities.
1
Rule
Severity: Medium
Azure SQL Database must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: Medium
Rights managed Office Open XML files must be protected.
4
Rule
Severity: Medium
Encrypt document properties must be configured for OLE documents.
2
Rule
Severity: Medium
Rights managed Office Open XML files must be protected.
1
Rule
Severity: Medium
SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
Nutanix AOS must protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
The Tanium Server must protect the confidentiality and integrity of transmitted information, in preparation to be transmitted and data at rest, with cryptographic signing capabilities enabled to protect the authenticity of communications sessions when making requests from Tanium Clients.
2
Rule
Severity: High
Tomcat must use FIPS-validated ciphers on secured connectors.
1
Rule
Severity: Medium
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
3
Rule
Severity: High
The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
3
Rule
Severity: High
The macOS system must enforce FileVault.
1
Rule
Severity: Medium
Ubuntu operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest.
4
Rule
Severity: Medium
PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: Medium
The container platform keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
The DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: High
The operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on all operating system components.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to implement cryptographic mechanisms to prevent the unauthorized modification or disclosure of all information at rest on all operating system components.
2
Rule
Severity: Medium
AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required.
2
Rule
Severity: Medium
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: Medium
MarkLogic Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: Medium
MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
2
Rule
Severity: Medium
The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates.
3
Rule
Severity: Medium
Document metadata for rights managed Office Open XML files must be protected.
1
Rule
Severity: Medium
SQL Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: Medium
Windows 10 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: Medium
Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.
1
Rule
Severity: Medium
Windows 11 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: Medium
Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: Medium
All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
2
Rule
Severity: High
The Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
1
Rule
Severity: Medium
The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
2
Rule
Severity: High
Automation Controller must implement cryptography mechanisms to protect the integrity of information.
1
Rule
Severity: Medium
Redis Enterprise DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2.
2
Rule
Severity: Medium
OpenShift keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform.
1
Rule
Severity: Medium
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1
Rule
Severity: High
The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
2
Rule
Severity: High
RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
2
Rule
Severity: Medium
The VMM must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on all VMM components.
1
Rule
Severity: Medium
The web server must encrypt user identifiers and passwords.
1
Rule
Severity: High
CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest.
1
Rule
Severity: Medium
Ubuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
The DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized disclosure of non-DNS data stored on the DNS server.
2
Rule
Severity: High
The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.
1
Rule
Severity: High
The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized disclosure of all information not cleared for public release at rest on system components outside of organization facilities.
1
Rule
Severity: High
MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
MarkLogic Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: Medium
Swarm Secrets or Kubernetes Secrets must be used.
1
Rule
Severity: High
Azure SQL Database must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
SQL Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.
1
Rule
Severity: High
Windows 10 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: High
Windows 11 systems must use a BitLocker PIN for pre-boot authentication.
1
Rule
Severity: High
Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.
1
Rule
Severity: High
Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
1
Rule
Severity: High
All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: High
The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
Redis Enterprise DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
1
Rule
Severity: High
Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2.
1
Rule
Severity: High
The Automation Controller NGINX web server must employ cryptographic mechanisms (TLS/DTLS/SSL) to prevent the unauthorized disclosure of information during transmission.
1
Rule
Severity: High
All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
1
Rule
Severity: Medium
All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
1
Rule
Severity: High
The web server must encrypt user identifiers and passwords.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules