💼 AC-17(2) Remote Access | Protection of Confidentiality and Integrity Using Encryption

• ID: /frameworks/nist-sp-800-53-r5/ac/17/02

Description

Implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Similar

• Sections
  • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
  • /frameworks/aws-fsbp-v1.0.0/cloudfront/10
  • /frameworks/aws-fsbp-v1.0.0/elasticache/05
  • /frameworks/aws-fsbp-v1.0.0/elb/01
  • /frameworks/aws-fsbp-v1.0.0/elb/02
  • /frameworks/aws-fsbp-v1.0.0/elb/03
  • /frameworks/aws-fsbp-v1.0.0/elb/08
  • /frameworks/aws-fsbp-v1.0.0/elb/17
  • /frameworks/aws-fsbp-v1.0.0/es/08
  • /frameworks/aws-fsbp-v1.0.0/opensearch/08
  • /frameworks/aws-fsbp-v1.0.0/s3/05
• Internal
  • ID: dec-c-ec9990b0

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.3] CloudFront distributions should require encryption in transit		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.10] CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.5] ElastiCache replication groups should be encrypted in transit					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.2] Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS termination					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configuration					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.17] Application and Network Load Balancers with listeners should use recommended security policies					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL		1	1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AC-17(2) Protection of Confidentiality and Integrity Using Encryption (M)(H)			17		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (17)

Policy	Logic Count	Flags	Compliance
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢	1	🟢 x6	no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure App Service FTP deployments are not disabled🟢	1	🟢 x6	no data
🛡️ Azure App Service HTTPS Only configuration is not enabled🟢	1	🟢 x6	no data
🛡️ Azure App Service Minimum TLS Version is not set to TLS 1.2 or higher🟢	1	🟢 x6	no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure MySQL Flexible Server TLS Version is not set to TLS 1.2🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Minimum TLS Version is not set to TLS 1.2 or higher🟢	1	🟢 x6	no data
🛡️ Azure Storage Account Secure Transfer Required is not enabled🟢	1	🟢 x6	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-2ace1952	1
✉️ dec-x-14f5fc25	1
✉️ dec-x-75db76ad	1
✉️ dec-x-4002ecfe	1
✉️ dec-x-995424b7	2
✉️ dec-x-aeac09d6	1
✉️ dec-x-b94bd368	1
✉️ dec-x-c0a7793e	1
✉️ dec-x-ca52f63a	2
✉️ dec-x-d5fbfc40	1
✉️ dec-x-d9d39f21	1
✉️ dec-x-d95ea48b	1