Theme

800-53|CM-10

Title

SOFTWARE USAGE RESTRICTIONS

Description

The organization:

Supplemental

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,CM-8,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 5 L1 DB v1.1.0
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers'	Windows	CIS Windows 8 L1 v1.0.0
1.1.5 Ensure noexec option set on /tmp partition	Unix	CIS Google Container-Optimized OS L1 Server v1.0.0
1.1.7 Ensure noexec option set on /var partition	Unix	CIS Google Container-Optimized OS L2 Server v1.0.0
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partition	Unix	CIS Google Container-Optimized OS L1 Server v1.0.0
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.3.1 Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.3.4 Ensure 'Control use of JavaScript JIT' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.3.5 Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories'	Windows	CIS Microsoft Edge L2 v1.1.0
1.3.6 Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'	Windows	CIS Microsoft Edge L1 v1.1.0
1.3.7 Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth'	Windows	CIS Microsoft Edge L2 v1.1.0
1.3.8 Ensure 'Control use of the WebHID API' is set to 'Enabled: Do not allow any site to request access to HID devices via the WebHID API'	Windows	CIS Microsoft Edge L2 v1.1.0
1.5.1 Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags'	Windows	CIS Microsoft Edge L1 v1.1.0
1.6.1 Ensure 'Configure extension management settings' is set to 'Enabled: *'	Windows	CIS Microsoft Edge L2 v1.1.0
1.11 Ensure That 'Users Can Consent to Apps Accessing Company Data on Their Behalf' Is Set To 'Allow for Verified Publishers'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.12 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.14.1 Ensure 'Enable startup boost' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.25 Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.26 Ensure 'Allow file selection dialog' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.34 Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.40 Ensure 'Allow remote debugging' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.43 Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.49 Ensure 'AutoLaunch Protocols Component Enabled' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.65 Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'	Windows	CIS Microsoft Edge L1 v1.1.0
1.67 Ensure 'Control use of the Serial API' is set to 'Enable: Do not allow any site to request access to serial ports via the Serial API'	Windows	CIS Microsoft Edge L2 v1.1.0
1.76 Ensure 'Enable browser legacy extension point blocking' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.107 Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.6.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v2.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0