800-53|CM-7(5)

Title

AUTHORIZED SOFTWARE / WHITELISTING

Description

The organization:

Supplemental

The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting. In addition to whitelisting, organizations consider verifying the integrity of white-listed software programs using, for example, cryptographic checksums, digital signatures, or hash functions. Verification of white-listed software can occur either prior to execution or at system startup.

Reference Item Details

Related: CM-2,CM-6,CM-8,PM-5,SA-10,SC-34,SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.2 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.4 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 4 L1 DB v1.0.0
1.2 Ensure End of Life JUNOS Devices are not usedJuniperCIS Juniper OS Benchmark v2.1.0 L1
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.13 Configure 'Allow all trusted apps to install'WindowsCIS Windows 8 L1 v1.0.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.4 L1 v2.0.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0
1.3 Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installed - aideUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.1 Ensure AIDE is installed - aide-commonUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5 Installing ISC BIND 9 - bind9 installationUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.5 Installing ISC BIND 9 - bind9 installationUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.5 Installing ISC BIND 9 - named locationUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.5 Installing ISC BIND 9 - named locationUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.11 Ensure That 'Users Can Consent to Apps Accessing Company Data on Their Behalf' Is Set To 'Allow for Verified Publishers'microsoft_azureCIS Microsoft Azure Foundations v1.5.0 L2
1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled'WindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.3.1.1 Ensure 'Configure Trusted Add-ins' to 'Disabled'WindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.25 Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v1.1.0
1.26 Ensure 'Allow file selection dialog' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v1.1.0
1.65 Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'WindowsCIS Microsoft Edge L1 v1.1.0
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
12.3 Ensure Apache AppArmor Profile is in Enforce ModeUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
12.3 Ensure Apache AppArmor Profile is in Enforce ModeUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.6.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0