800-53|CM-5(6)

Title

LIMIT LIBRARY PRIVILEGES

Description

The organization limits privileges to change software resident within software libraries.

Supplemental

Software libraries include privileged programs.

Reference Item Details

Related: AC-2

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3 Protect Firefox BinariesUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.jsUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on local-settings.js - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfgUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfg - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.UnixDISA STIG AIX 7.x v2r9
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.UnixDISA STIG AIX 7.x v2r9
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.UnixDISA STIG AIX 7.x v2r9
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.UnixDISA STIG AIX 7.x v2r9
AIX7-00-003009 - All system command files must not have extended ACLs.UnixDISA STIG AIX 7.x v2r9
AIX7-00-003010 - All library files must not have extended ACLs.UnixDISA STIG AIX 7.x v2r9
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 12 v1r7
APPL-13-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 13 v1r3
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Router NDM v2r8
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Router NDM v2r7
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Switch NDM v2r7
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Switch NDM v2r7
CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000860 - The Kubernetes manifests must be owned by root.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000880 - The Kubernetes KubeletConfiguration file must be owned by root.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000890 - The Kubernetes KubeletConfiguration files must have file permissions set to 644 or more restrictive.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000900 - The Kubernetes manifest files must have least privileges.UnixDISA STIG Kubernetes v1r11