800-53|CM-5(6)

Title

LIMIT LIBRARY PRIVILEGES

Description

The organization limits privileges to change software resident within software libraries.

Supplemental

Software libraries include privileged programs.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-2

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Set permissions on local-settings.js	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.3 Protect Firefox Binaries	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js - Administrators	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on local-settings.js - Users	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on mozilla.cfg	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Protect Firefox Binaries	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg - Administrators	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfg - Users	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v1r3
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v1r2
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor - Type B	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor - Type B	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor - Type C	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor - Type C	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003009 - All system command files must not have extended ACLs.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003010 - All library files must not have extended ACLs.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000240 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.14 v2r5
AOSX-15-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-13-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Classic Track v1r5
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Continuous Track v1r6
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.	Cisco	DISA STIG Cisco IOS Router NDM v2r8

Detections

Analytics