DISA_STIG_Ubuntu_20.04_LTS_v1r5.audit from DISA Canonical Ubuntu 20.04 LTS v1r5 STIG

UBTU-20-010000 - The Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.

CAT|II

CCI|CCI-000016

Rule-ID|SV-238196r653763_rule

STIG-ID|UBTU-20-010000

Vuln-ID|V-238196

UBTU-20-010002 - The Ubuntu operating system must enable the graphical user logon banner to display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.

CCI|CCI-000048

Rule-ID|SV-238197r653766_rule

STIG-ID|UBTU-20-010002

Vuln-ID|V-238197

UBTU-20-010003 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local access to the system via a graphical user logon.

Rule-ID|SV-238198r653769_rule

STIG-ID|UBTU-20-010003

Vuln-ID|V-238198

UBTU-20-010004 - The Ubuntu operating system must retain a user's session lock until that user reestablishes access using established identification and authentication procedures.

CCI|CCI-000056

CCI|CCI-000057

Rule-ID|SV-238199r653772_rule

STIG-ID|UBTU-20-010004

Vuln-ID|V-238199

UBTU-20-010005 - The Ubuntu operating system must allow users to directly initiate a session lock for all connection types.

CCI|CCI-000058

CCI|CCI-000060

Rule-ID|SV-238200r653775_rule

STIG-ID|UBTU-20-010005

Vuln-ID|V-238200

UBTU-20-010006 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

CAT|I

CCI|CCI-000187

Rule-ID|SV-238201r832933_rule

STIG-ID|UBTU-20-010006

Vuln-ID|V-238201

UBTU-20-010007 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.

CAT|III

CCI|CCI-000198

Rule-ID|SV-238202r653781_rule

STIG-ID|UBTU-20-010007

Vuln-ID|V-238202

UBTU-20-010008 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

CCI|CCI-000199

Rule-ID|SV-238203r653784_rule

STIG-ID|UBTU-20-010008

Vuln-ID|V-238203

UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes.

CCI|CCI-000213

Rule-ID|SV-238204r832936_rule

STIG-ID|UBTU-20-010009

Vuln-ID|V-238204

UBTU-20-010010 - The Ubuntu operating system must uniquely identify interactive users.

CCI|CCI-000764

CCI|CCI-000804

Rule-ID|SV-238205r653790_rule

STIG-ID|UBTU-20-010010

Vuln-ID|V-238205

UBTU-20-010012 - The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.

CCI|CCI-001084

Rule-ID|SV-238206r653793_rule

STIG-ID|UBTU-20-010012

Vuln-ID|V-238206

UBTU-20-010013 - The Ubuntu operating system must automatically terminate a user session after inactivity timeouts have expired.

CCI|CCI-002361

Rule-ID|SV-238207r653796_rule

STIG-ID|UBTU-20-010013

Vuln-ID|V-238207

UBTU-20-010014 - The Ubuntu operating system must require users to reauthenticate for privilege escalation or when changing roles.

CCI|CCI-002038

Rule-ID|SV-238208r653799_rule

STIG-ID|UBTU-20-010014

Vuln-ID|V-238208

UBTU-20-010016 - The Ubuntu operating system default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files.

CCI|CCI-000366

Rule-ID|SV-238209r653802_rule

STIG-ID|UBTU-20-010016

Vuln-ID|V-238209

UBTU-20-010033 - The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts - libpam-pkcs11

CCI|CCI-000765

CCI|CCI-000766

CCI|CCI-000767

CCI|CCI-000768

Rule-ID|SV-238210r653805_rule

STIG-ID|UBTU-20-010033

Vuln-ID|V-238210

UBTU-20-010033 - The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts - PubkeyAuthentication

UBTU-20-010035 - The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.

CCI|CCI-000877

Rule-ID|SV-238211r653808_rule

STIG-ID|UBTU-20-010035

Vuln-ID|V-238211

UBTU-20-010036 - The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic after a period of inactivity.

CCI|CCI-000879

Rule-ID|SV-238212r653811_rule

STIG-ID|UBTU-20-010036

Vuln-ID|V-238212

UBTU-20-010037 - The Ubuntu operating system must immediately terminate all network connections associated with SSH traffic at the end of the session or after 10 minutes of inactivity.

CCI|CCI-001133

Rule-ID|SV-238213r653814_rule

STIG-ID|UBTU-20-010037

Vuln-ID|V-238213

UBTU-20-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system - banner text

CCI|CCI-001384

CCI|CCI-001385

CCI|CCI-001386

CCI|CCI-001387

CCI|CCI-001388

Rule-ID|SV-238214r832938_rule

STIG-ID|UBTU-20-010038

Vuln-ID|V-238214

UBTU-20-010038 - The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting any local or remote connection to the system - sshd_config

UBTU-20-010042 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information - openssh-server

CCI|CCI-002418

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-238215r653820_rule

STIG-ID|UBTU-20-010042

Vuln-ID|V-238215

UBTU-20-010042 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information - sshd.service

UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

CCI|CCI-001453

CCI|CCI-002421

CCI|CCI-002890

Rule-ID|SV-238216r654316_rule

STIG-ID|UBTU-20-010043

Vuln-ID|V-238216

UBTU-20-010044 - The Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

CCI|CCI-000068

CCI|CCI-003123

Rule-ID|SV-238217r832940_rule

STIG-ID|UBTU-20-010044

Vuln-ID|V-238217

UBTU-20-010047 - The Ubuntu operating system must not allow unattended or automatic login via SSH - PermitEmptyPasswords

Rule-ID|SV-238218r653829_rule

STIG-ID|UBTU-20-010047

Vuln-ID|V-238218

UBTU-20-010047 - The Ubuntu operating system must not allow unattended or automatic login via SSH - PermitUserEnvironment

UBTU-20-010048 - The Ubuntu operating system must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements.

Rule-ID|SV-238219r653832_rule

STIG-ID|UBTU-20-010048

Vuln-ID|V-238219

UBTU-20-010049 - The Ubuntu operating system SSH daemon must prevent remote hosts from connecting to the proxy display.

Rule-ID|SV-238220r653835_rule

STIG-ID|UBTU-20-010049

Vuln-ID|V-238220

UBTU-20-010050 - The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.

CCI|CCI-000192

Rule-ID|SV-238221r653838_rule

STIG-ID|UBTU-20-010050

Vuln-ID|V-238221

UBTU-20-010051 - The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.

CCI|CCI-000193

Rule-ID|SV-238222r653841_rule

STIG-ID|UBTU-20-010051

Vuln-ID|V-238222

UBTU-20-010052 - The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.

CCI|CCI-000194

Rule-ID|SV-238223r653844_rule

STIG-ID|UBTU-20-010052

Vuln-ID|V-238223

UBTU-20-010053 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.

CCI|CCI-000195

Rule-ID|SV-238224r653847_rule

STIG-ID|UBTU-20-010053

Vuln-ID|V-238224

UBTU-20-010054 - The Ubuntu operating system must enforce a minimum 15-character password length.

CCI|CCI-000205

Rule-ID|SV-238225r832942_rule

STIG-ID|UBTU-20-010054

Vuln-ID|V-238225

UBTU-20-010055 - The Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.

CCI|CCI-001619

Rule-ID|SV-238226r653853_rule

STIG-ID|UBTU-20-010055

Vuln-ID|V-238226

UBTU-20-010056 - The Ubuntu operating system must prevent the use of dictionary words for passwords.

Rule-ID|SV-238227r653856_rule

STIG-ID|UBTU-20-010056

Vuln-ID|V-238227

UBTU-20-010057 - The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used - enforcing

Rule-ID|SV-238228r653859_rule

STIG-ID|UBTU-20-010057

Vuln-ID|V-238228

UBTU-20-010057 - The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used - libpam-pwquality

UBTU-20-010057 - The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used - retry

UBTU-20-010060 - The Ubuntu operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

CCI|CCI-000185

Rule-ID|SV-238229r653862_rule

STIG-ID|UBTU-20-010060

Vuln-ID|V-238229

UBTU-20-010063 - The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.

CCI|CCI-001948

Rule-ID|SV-238230r653865_rule

STIG-ID|UBTU-20-010063

Vuln-ID|V-238230

UBTU-20-010064 - The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials.

CCI|CCI-001953

Rule-ID|SV-238231r653868_rule

STIG-ID|UBTU-20-010064

Vuln-ID|V-238231

UBTU-20-010065 - The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials.

Detections

Analytics

DISA STIG Ubuntu 20.04 LTS v1r5

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.4

Miscellaneous

Revision 1.3

Functional Update

Miscellaneous

Revision 1.2

Miscellaneous

Revision 1.1

Miscellaneous