800-53|CM-7(2)

Title

PREVENT PROGRAM EXECUTION

Description

The information system prevents program execution in accordance with [Selection (one or more): [Assignment: organization-defined policies regarding software program usage and restrictions]; rules authorizing the terms and conditions of software program usage].

Reference Item Details

Related: CM-8,PM-5

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE,HIGH

Audit Items


Name | Plugin | Audit Name
1.1 Ensure the appropriate MongoDB software version/patches are installed | MongoDB | CIS MongoDB 5 L1 DB v1.1.0
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.1.5 Ensure noexec option set on /tmp partition | Unix | CIS Google Container-Optimized OS L1 Server v1.0.0
1.1.7 Ensure noexec option set on /dev/shm partition - fstab | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.7 Ensure noexec option set on /dev/shm partition - mount | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - fstab | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - mount | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure noexec option set on /var/tmp partition | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.1.9 Ensure nosuid option set on /dev/shm partition - fstab | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure nosuid option set on /dev/shm partition - mount | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.12 Ensure noexec option set on /dev/shm partition | Unix | CIS Google Container-Optimized OS L1 Server v1.0.0
1.1.16 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.2.3.1.7 Configure 'Turn off Event Viewer 'Events.asp' links' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.2.2 Configure 'Do not process the run once list' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.2.3 Configure 'Do not process the legacy run list' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.9 Set 'Turn off Data Execution Prevention for Explorer' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.5.2 Ensure 'Modal Trust Decision Only' is set to Disabled | Windows | CIS Microsoft Office Access 2016 v1.0.1
1.5.2 Ensure 'Modal Trust Decision Only' is set to Disabled | Windows | CIS Microsoft Office Access 2013 v1.0.1
1.6.6.5 Ensure 'Run Programs' is set to Enabled (Disable (Don't Run Any Programs)) | Windows | CIS Microsoft Office PowerPoint 2013 v1.0.1
1.6.6.5 Ensure 'Run Programs' is set to Enabled (Disable (Don't Run Any Programs)) | Windows | CIS Microsoft Office PowerPoint 2016 v1.0.1
1.31 Set 'Turn off Data Execution Prevention' to 'Disabled' | Windows | CIS MS Office Outlook 2010 v1.0.0
13.6 Ensure root PATH Integrity - dot or empty in path | Unix | CIS Debian Linux 7 L1 v1.0.0
13.6 Ensure root PATH Integrity - other writable directories in pat | Unix | CIS Debian Linux 7 L1 v1.0.0
18.3.5 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.3.5 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview builds | Windows | CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview builds | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Enabled | Windows | CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Enabled | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview builds | Windows | CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview builds | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview builds | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Enabled | Windows | CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Enabled | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Enabled | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0