800-53|CM-5

Title

ACCESS RESTRICTIONS FOR CHANGE

Description

The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.

Supplemental

Any changes to the hardware, software, and/or firmware components of information systems can potentially have significant effects on the overall security of the systems. Therefore, organizations permit only qualified and authorized individuals to access information systems for purposes of initiating changes, including upgrades and modifications. Organizations maintain records of access to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes. Access restrictions for change also include software libraries. Access restrictions include, for example, physical and logical access controls (see AC-3 and PE-3), workflow automation, media libraries, abstract layers (e.g., changes implemented into third-party interfaces rather than directly into information systems), and change windows (e.g., changes occur only during specified times, making unauthorized changes easy to discover).

Reference Item Details

Related: AC-3, AC-6, PE-3

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: MODERATE, HIGH

Audit Items


Name | Plugin | Audit Name
1.2 Set permissions on local-settings.js | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.2 Set permissions on local-settings.js | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Rocky Linux 8 v3.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS AlmaLinux OS 10 v1.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS AlmaLinux OS 8 v4.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Rocky Linux 10 v1.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Oracle Linux 8 v4.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Oracle Linux 10 v1.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS AlmaLinux OS 8 v4.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Rocky Linux 10 v1.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Oracle Linux 10 v1.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Rocky Linux 8 v3.0.0 L1 Workstation
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS Oracle Linux 8 v4.0.0 L1 Server
1.2.1.2 Ensure gpgcheck is configured | Unix | CIS AlmaLinux OS 10 v1.0.0 L1 Server
1.2.1.5 Ensure DNF is configured to perform a signature check on local packages | Unix | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.2.1.6 Ensure cryptographic verification of vendor software packages | Unix | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.2.3 Ensure gpgcheck is globally activated | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG
1.2.3 Ensure gpgcheck is globally activated | Unix | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation
1.2.3 Ensure gpgcheck is globally activated | Unix | CIS Amazon Linux 2 STIG v2.0.0 L1 Server
1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA) | Unix | CIS Amazon Linux 2 STIG v2.0.0 STIG
1.2.6 Ensure software packages have been digitally signed by a Certificate Authority (CA) - CA that is recognized and approved by the organization. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.13 UBTU-24-100400 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.14 UBTU-24-100410 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.18 UBTU-22-232015 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.19 UBTU-22-232020 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.23 RHEL-09-213020 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.24 APPL-14-000100 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.27 UBTU-22-232050 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.28 UBTU-22-232055 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.108 RHEL-09-232010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.109 RHEL-09-232015 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.110 RHEL-09-232020 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.119 UBTU-22-653010 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 UBTU-22-653015 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.139 APPL-14-005001 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.146 RHEL-09-232190 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.147 RHEL-09-232195 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.148 RHEL-09-232200 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.149 RHEL-09-232205 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.150 RHEL-09-232210 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.151 RHEL-09-232215 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.229 OL08-00-030180 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.229 RHEL-09-255135 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.230 OL08-00-030181 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.230 RHEL-09-255140 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II