800-53|CM-10

Title

SOFTWARE USAGE RESTRICTIONS

Description

The organization:

Supplemental

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,CM-8,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	Windows	CIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installed	Unix	CIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installed	Unix	CIS MongoDB 7 v1.2.0 L1 Unix
1.1 Ensure the appropriate MongoDB software version/patches are installed	Windows	CIS MongoDB 8 v1.0.0 L1 Windows
1.1 Ensure the appropriate MongoDB software version/patches are installed	Windows	CIS MongoDB 7 v1.2.0 L1 Windows
1.1 Ensure the appropriate MongoDB software version/patches are installed	Unix	CIS MongoDB 8 v1.0.0 L1 Unix
1.1.1.1 (L1) Ensure 'Allow add-on installs from websites' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.1.1 (L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.2.11.3 Ensure noexec option set on removable media partitions	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server
1.1.2.11.3 Ensure noexec option set on removable media partitions	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.1.2.11.3 Ensure noexec option set on removable media partitions	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation
1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.1.1 Ensure 'Add-on Management' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.2 Ensure 'Bind to object' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.5 Ensure 'Information Bar' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.14 Ensure 'Scripted Window Security Restrictions' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.1.5 Ensure noexec option set on /tmp partition	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.7 Ensure noexec option set on /var partition	Unix	CIS Google Container-Optimized OS v1.2.0 L2 Server
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partition	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.12.1 (L1) Ensure 'Activate Flash on websites' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.18.7 (L1) Ensure 'extensions.blocklist.enabled' is set to 'Enabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.23.1 (L1) Ensure 'Extension Recommendations' is set to 'Disabled'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2.1 (L2) Ensure 'AllowedExtensions' is configured	Windows	CIS Visual Studio Code GPO v1.0.0 L2
1.2.5.1.1 (L1) Ensure 'Add-on Management' is set to 'Enabled'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.2.5.1.2 (L1) Ensure 'Bind to object' is set to 'Enabled'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.2.5.1.5 (L1) Ensure 'Information Bar' is set to 'Enabled'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.2.5.1.11 (L1) Ensure 'Restrict ActiveX Install' is set to 'Enabled'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.2.5.1.14 (L1) Ensure 'Scripted Window Security Restrictions' is set to 'Enabled'	Windows	CIS Microsoft Intune for Office v1.1.0 L1
1.3.1 Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.4.1 (L2) Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.4 (L2) Ensure 'Control use of JavaScript JIT' is set to 'Enabled: Do not allow any site to run JavaScript JIT'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.5 (L2) Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories via the File System API'	Windows	CIS Microsoft Edge v4.0.0 L2
1.4.6 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'	Windows	CIS Microsoft Edge v4.0.0 L1
1.10.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.10.2 (L2) Ensure 'Configure extension management settings' is set to 'Enabled: { '*': {'installation_mode': 'blocked' }}'	Windows	CIS Microsoft Edge v4.0.0 L2
1.35 (L2) Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L2
1.108 (L1) Ensure 'Enable upload files from mobile in Microsoft Edge desktop' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1
1.127 (L1) Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled'	Windows	CIS Microsoft Edge v4.0.0 L1

Detections

Analytics