800-53|CM-7(4)

Title

UNAUTHORIZED SOFTWARE / BLACKLISTING

Description

The organization:

Supplemental

The process used to identify software programs that are not authorized to execute on organizational information systems is commonly referred to as blacklisting. Organizations can implement CM-7(5) instead of this control enhancement if whitelisting (the stronger of the two policies) is the preferred approach for restricting software program execution.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CM-6,CM-8,PM-5

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.19 Disable Automounting	Unix	CIS Aliyun Linux 2 L1 v1.0.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.1.23 Disable Automounting	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
1.1.23 Disable Automounting	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.2.4.10 Configure 'Turn off the Store application'	Windows	CIS Windows 8 L1 v1.0.0
1.5 Remove all non-essential services from the host - running processes	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.5.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.8.1 Ensure GNOME Display Manager is removed	Unix	CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
1.11 Do not root your device	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.12 Do not root your device	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
2.1.2 Ensure X Window System is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.3 Ensure Avahi Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.3 Ensure Avahi Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.4 Ensure CUPS is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
2.1.4 Ensure CUPS is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.5 Ensure DHCP Server is not installed - isc-dhcp-server	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.5 Ensure DHCP Server is not installed - isc-dhcp-server	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.6 Ensure LDAP server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.6 Ensure LDAP server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.7 Ensure NFS is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.7 Ensure NFS is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.8 Ensure DNS Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.8 Ensure DNS Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.9 Ensure FTP Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.9 Ensure FTP Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.10 Ensure HTTP server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.10 Ensure HTTP server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.11 Ensure IMAP and POP3 server are not installed - dovecot-imapd	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.11 Ensure IMAP and POP3 server are not installed - dovecot-imapd	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.11 Ensure IMAP and POP3 server are not installed - dovecot-pop3d	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.11 Ensure IMAP and POP3 server are not installed - dovecot-pop3d	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.11 Ensure openbsd-inetd is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.1.11 Ensure openbsd-inetd is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.1.12 Ensure Samba is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.12 Ensure Samba is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.13 Ensure HTTP Proxy Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.13 Ensure HTTP Proxy Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.16 Ensure rsync service is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.16 Ensure rsync service is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.1.17 Ensure NIS Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.1.17 Ensure NIS Server is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.2.1 Ensure NIS Client is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.2.1 Ensure NIS Client is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.2.2 Ensure rsh client is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
2.2.2 Ensure rsh client is not installed	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
2.2.2 Ensure X Window System is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0

Detections

Analytics