800-53|CM-6

Title

CONFIGURATION SETTINGS

Description

The organization:

Supplemental

Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the information system that affect the security posture and/or functionality of the system. Information technology products for which security-related configuration settings can be defined include, for example, mainframe computers, servers (e.g., database, electronic mail, authentication, web, proxy, file, domain name), workstations, input/output devices (e.g., scanners, copiers, and printers), network components (e.g., firewalls, routers, gateways, voice and data switches, wireless access points, network appliances, sensors), operating systems, middleware, and applications. Security-related parameters are those parameters impacting the security state of information systems including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: (i) registry settings; (ii) account, file, directory permission settings; and (iii) settings for functions, ports, protocols, services, and remote connections. Organizations establish organization-wide configuration settings and subsequently derive specific settings for information systems. The established settings become part of the systems configuration baseline. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. 
Common secure configurations can be developed by a variety of organizations including, for example, information technology product developers, manufacturers, vendors, consortia, academia, industry, federal agencies, and other organizations in the public and private sectors. Common secure configurations include the United States Government Configuration Baseline (USGCB) which affects the implementation of CM-6 and other controls such as AC-19 and CM-7. The Security Content Automation Protocol (SCAP) and the defined standards within the protocol (e.g., Common Configuration Enumeration) provide an effective method to uniquely identify, track, and control configuration settings. OMB establishes federal policy on configuration requirements for federal information systems.

Reference Item Details

Related: AC-19,CM-2,CM-3,CM-7,SI-4

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
1.1 JBoss Enterprise Application Platform should be a vendor supported version | Unix | Redhat JBoss EAP 5.x
1.1.1 Create Separate Partition for /tmp | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.1 Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads' | Windows | CIS Microsoft Edge L1 v1.0.1
1.1.1 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.1 Ensure /tmp is configured | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.1.1 Ensure mounting of squashfs filesystems is disabled - lsmod | Unix | CIS Aliyun Linux 2 L1 v1.0.0
1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobe | Unix | CIS Aliyun Linux 2 L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklist | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklist | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 LXD v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Oracle Linux 8 Workstation L1 v1.0.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Oracle Linux 8 Server L1 v1.0.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS CentOS 7 v3.1.2 Workstation L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Debian Family Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Fedora 28 Family Linux Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Amazon Linux 2 v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Oracle Linux 7 Workstation L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Red Hat EL7 Server L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Red Hat EL7 Workstation L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Debian Family Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Amazon Linux 2 STIG v1.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS CentOS 7 v3.1.2 Server L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Oracle Linux 7 Server L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Fedora 28 Family Linux Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Amazon Linux 2 v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 LXD v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Oracle Linux 8 Workstation L1 v1.0.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Amazon Linux 2 STIG v1.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation