800-53|CM-8

Title

INFORMATION SYSTEM COMPONENT INVENTORY

Description

The organization:

Supplemental

Organizations may choose to implement centralized information system component inventories that include components from all organizational information systems. In such situations, organizations ensure that the resulting inventories include system-specific information required for proper component accountability (e.g., information system association, information system owner). Information deemed necessary for effective accountability of information system components includes, for example, hardware inventory specifications, software license information, software version numbers, component owners, and for networked components or devices, machine names and network addresses. Inventory specifications include, for example, manufacturer, device type, model, serial number, and physical location.

Reference Item Details

Related: CM-2,CM-6,PM-5

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 9.6 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 13 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 14 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 12 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 10 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 16 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 9.5 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 11 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 15 OS v1.1.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 6 L1 DB v1.1.0
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.3.6.3 Set 'startup (minutes)' to '10 or more minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.5 Ensure noexec option set on /tmp partitionUnixCIS Google Container-Optimized OS L1 Server v1.1.0
1.1.7 Ensure noexec option set on /var partitionUnixCIS Google Container-Optimized OS L2 Server v1.1.0
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partitionUnixCIS Google Container-Optimized OS L1 Server v1.1.0
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Workstation L1 v2.0.2
1.2 Ensure Installation of Binary PackagesUnixCIS PostgreSQL 9.5 OS v1.1.0
1.2 Ensure Installation of Binary PackagesUnixCIS PostgreSQL 11 OS v1.0.0
1.2 Ensure Installation of Binary PackagesUnixCIS PostgreSQL 9.6 OS v1.0.0
1.2 Ensure Installation of Binary PackagesUnixCIS PostgreSQL 10 OS v1.0.0
1.2.4.7.6 Set 'Configure automatic updating' to '3 - Auto download and notify for install'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.15 Configure 'Turn off Automatic Download of updates'WindowsCIS Windows 8 L1 v1.0.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.4 L1 v2.1.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L1 v3.6.0
1.3 Ensure Apache Is Installed From the Appropriate BinariesUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
1.5 Installing ISC BIND 9 - bind9 installationUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.5 Installing ISC BIND 9 - bind9 installationUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.5 Installing ISC BIND 9 - named locationUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.5 Installing ISC BIND 9 - named locationUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.7 Audit Computer NameUnixCIS Apple macOS 10.14 v2.0.0 L2
1.8 Ensure Computer Name Does Not Contain PII or Protected Organizational InformationUnixCIS Apple macOS 10.15 v2.1.0 L2
1.8 Ensure Computer Name Does Not Contain PII or Protected Organizational InformationUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
1.8 Ensure Computer Name Does Not Contain PII or Protected Organizational InformationUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
1.8 Ensure Computer Name Does Not Contain PII or Protected Organizational InformationUnixCIS Apple macOS 12.0 Monterey v3.0.0 L2
1.11 Ensure 'User consent for applications' is set to 'Do not allow user consent'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L2
1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
18.10.15.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1