800-53|CM-7(5)

Title

AUTHORIZED SOFTWARE / WHITELISTING

Description

The organization:

Supplemental

The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting. In addition to whitelisting, organizations consider verifying the integrity of white-listed software programs using, for example, cryptographic checksums, digital signatures, or hash functions. Verification of white-listed software can occur either prior to execution or at system startup.

Reference Item Details

Related: CM-2, CM-6, CM-8, PM-5, SA-10, SC-34, SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | MS_SQLDB | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | MS_SQLDB | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | MS_SQLDB | CIS SQL Server 2012 Database L1 DB v1.6.0 |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | MS_SQLDB | CIS SQL Server 2014 Database L1 DB v1.5.0 |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | MS_SQLDB | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | MongoDB | CIS MongoDB 3.4 Database Audit L1 v1.0.0 |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | MongoDB | CIS MongoDB 4 L1 DB v1.0.0 |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | MongoDB | CIS MongoDB Database Audit L1 v1.0.0 |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | MongoDB | CIS MongoDB 3.2 Database Audit L1 v1.0.0 |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0 |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0 |
| 1.1.1.1 (L1) Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' | Windows | CIS Microsoft Intune for Office v1.1.0 L1 |
| 1.2 Ensure End of Life JUNOS Devices are not used | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 1.2 Ensure the Image Profile VIB acceptance level is configured properly | Unix | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal |
| 1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.13 Configure 'Allow all trusted apps to install' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 |
| 1.3 Ensure no unauthorized kernel modules are loaded on the host | Unix | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal |
| 1.3.1 Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 1.5 Installing ISC BIND 9 - bind9 installation | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server |
| 1.5 Installing ISC BIND 9 - bind9 installation | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server |
| 1.5 Installing ISC BIND 9 - named location | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server |
| 1.5 Installing ISC BIND 9 - named location | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server |
| 1.8 WN16-00-000090 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II |
| 1.8 WN16-00-000090 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II |
| 1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled' | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 |
| 1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled' | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 |
| 1.16 UBTU-24-100500 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.17 UBTU-24-100510 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.35 (L2) Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled' | Windows | CIS Microsoft Edge v4.0.0 L2 |
| 1.78 (L1) Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service' | Windows | CIS Microsoft Edge v4.0.0 L1 |
| 1.108 WN16-CC-000170 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II |
| 1.108 WN16-CC-000170 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II |
| 1.109 WN19-CC-000160 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II |
| 1.109 WN19-CC-000160 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II |
| 1.109 WN22-CC-000160 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II |
| 1.109 WN22-CC-000160 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II |
| 1.125 WN10-CC-000110 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT II |
| 1.310 RHEL-09-433010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.311 RHEL-09-433015 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.322 OL08-00-040135 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.323 OL08-00-040136 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.324 OL08-00-040137 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |