800-53|CA-9

Title

INTERNAL SYSTEM CONNECTIONS

Description

The organization:

Supplemental

This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.

Reference Item Details

Related: AC-18,AC-19,AC-3,AC-4,AU-12,AU-2,CA-7,CM-2,IA-3,SC-7,SI-4

Category: SECURITY ASSESSMENT AND AUTHORIZATION

Family: SECURITY ASSESSMENT AND AUTHORIZATION

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.3 Set 'no exec' for 'line aux 0'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.3 Set 'no exec' for 'line aux 0'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.5.1 Set 'no snmp-server' to disable SNMP when unusedCiscoCIS Cisco IOS 16 L1 v2.0.0
1.5.1 Set 'no snmp-server' to disable SNMP when unusedCiscoCIS Cisco IOS 17 L1 v2.0.0
1.5.2 Unset 'private' for 'snmp-server community'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.5.2 Unset 'private' for 'snmp-server community'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.5.3 Unset 'public' for 'snmp-server community'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.5.3 Unset 'public' for 'snmp-server community'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.5.4 Do not set 'RW' for any 'snmp-server community'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.5.4 Do not set 'RW' for any 'snmp-server community'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.6.3 Create network segmentation using Network PoliciesUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
2.1 Configure TCP WrappersUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2019 Database L1 DB v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.0.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2019 Database L1 AWS RDS v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 DB v1.0.0
2.1.1 Ensure 'extproc' Is Not Present in 'listener.ora'UnixCIS Oracle Server 19c Linux v1.2.0
2.1.1 Ensure 'extproc' Is Not Present in 'listener.ora'WindowsCIS Oracle Server 19c Windows v1.2.0
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'UnixCIS Oracle Server 18c Linux v1.1.0
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'WindowsCIS Oracle Server 18c Windows v1.1.0
2.1.2 Set 'no cdp run'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.2 Set 'no cdp run'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.3 Ensure NFS and RPC are not enabled - nfs-serverUnixCIS Google Container-Optimized OS L1 Server v1.1.0
2.1.3 Ensure NFS and RPC are not enabled - rpcbindUnixCIS Google Container-Optimized OS L1 Server v1.1.0
2.1.3 Set 'no ip bootp server'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.3 Set 'no ip bootp server'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.4 Ensure rsync service is not enabledUnixCIS Google Container-Optimized OS L1 Server v1.1.0
2.1.4 Set 'no service dhcp'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.4 Set 'no service dhcp'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.4 Set 'no service dhcp' - dhcp poolCiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.4 Set 'no service dhcp' - dhcp poolCiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.5 Set 'no ip identd'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.5 Set 'no ip identd'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.6 Set 'service tcp-keepalives-in'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.6 Set 'service tcp-keepalives-in'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.1.8 Set 'no service pad'CiscoCIS Cisco IOS 16 L1 v2.0.0
2.1.8 Set 'no service pad'CiscoCIS Cisco IOS 17 L1 v2.0.0
2.10 Disable Removable Volume ManagerUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2016 Database L1 OS v1.4.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2022 Database L1 OS v1.0.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2019 Database L1 OS v1.3.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2017 Database L1 OS v1.3.0
2.11 Disable automount ServiceUnixCIS Oracle Solaris 11.4 L1 v1.1.0
10.2 SN.2 Remove Support for Internet Services (inetd)UnixCIS Oracle Solaris 11.4 L2 v1.1.0
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1