800-53|CM-7(5)

Title

AUTHORIZED SOFTWARE / WHITELISTING

Description

The organization:

Supplemental

The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting. In addition to whitelisting, organizations consider verifying the integrity of white-listed software programs using, for example, cryptographic checksums, digital signatures, or hash functions. Verification of white-listed software can occur either prior to execution or at system startup.

Reference Item Details

Related: CM-2,CM-6,CM-8,PM-5,SA-10,SC-34,SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2012 Database L1 AWS RDS v1.6.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2014 Database L1 AWS RDS v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2012 Database L1 DB v1.6.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2014 Database L1 DB v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2008 R2 DB Engine L1 v1.7.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.4 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 4 L1 DB v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.2 Database Audit L1 v1.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
1.2 Ensure End of Life JUNOS Devices are not usedJuniperCIS Juniper OS Benchmark v2.1.0 L1
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 6.7 v1.1.0 Level 1 Bare Metal
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
1.2.2.2.1.4 Configure 'Turn off the Windows Messenger Customer Experience Improvement Program'WindowsCIS Windows 2003 MS v3.1.0
1.2.2.2.1.4 Configure 'Turn off the Windows Messenger Customer Experience Improvement Program'WindowsCIS Windows 2003 DC v3.1.0
1.2.2.2.1.5 Configure 'Turn off printing over HTTP'WindowsCIS Windows 2003 DC v3.1.0
1.2.2.2.1.5 Configure 'Turn off printing over HTTP'WindowsCIS Windows 2003 MS v3.1.0
1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.13 Configure 'Allow all trusted apps to install'WindowsCIS Windows 8 L1 v1.0.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0
1.3 Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
1.3.1 Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
1.3.1 Ensure AIDE is installedUnixCIS CentOS 6 Server L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Server L1 v2.0.1
1.3.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
1.3.1 Ensure AIDE is installedUnixCIS Red Hat 6 Server L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux 2 v1.0.0 L1
1.3.1 Ensure AIDE is installedUnixCIS Oracle Linux 6 Server L1 v1.1.0
1.3.1 Ensure AIDE is installedUnixCIS Red Hat 6 Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Workstation L1 v2.0.1
1.3.1 Ensure AIDE is installedUnixCIS CentOS 6 Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Oracle Linux 6 Workstation L1 v1.1.0
1.3.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.11 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'microsoft_azureCIS Microsoft Azure Foundations v2.1.0 L2
1.11.4 Turn off printing over HTTPWindowsCIS Windows 2008 Enterprise v1.2.0
1.11.4 Turn off printing over HTTPWindowsCIS Windows 2008 SSLF v1.2.0
1.11.6 Turn off the Windows Messenger Customer Experience Improvement ProgramWindowsCIS Windows 2008 Enterprise v1.2.0
1.11.6 Turn off the Windows Messenger Customer Experience Improvement ProgramWindowsCIS Windows 2008 SSLF v1.2.0
1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled'WindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled'WindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.25 Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v2.0.0
1.26 Ensure 'Allow file selection dialogs' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v2.0.0