800-53|CM-8(3)

Title

AUTOMATED UNAUTHORIZED COMPONENT DETECTION

Description

The organization:

Supplemental

This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing.

Reference Item Details

Related: AC-17,AC-18,AC-19,CA-7,RA-5,SI-3,SI-4,SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: INFORMATION SYSTEM COMPONENT INVENTORY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.1.0
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.5 Ensure noexec option set on /tmp partitionUnixCIS Google Container-Optimized OS L1 Server v1.0.0
1.1.7 Ensure noexec option set on /var partitionUnixCIS Google Container-Optimized OS L2 Server v1.0.0
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partitionUnixCIS Google Container-Optimized OS L1 Server v1.0.0
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Workstation L1 v2.0.2
1.11 Ensure That 'Users Can Consent to Apps Accessing Company Data on Their Behalf' Is Set To 'Allow for Verified Publishers'microsoft_azureCIS Microsoft Azure Foundations v1.5.0 L2
1.12 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
2.1.2 Ensure X Window System is not installedUnixCIS Google Container-Optimized OS L1 Server v1.0.0
2.5.4 Audit Location Services AccessUnixCIS Apple macOS 11 v2.1.0 L2
2.5.4 Audit Location Services AccessUnixCIS Apple macOS 10.15 v2.1.0 L2
2.5.4 Audit Location Services AccessUnixCIS Apple macOS 10.14 v2.0.0 L2
2.5.4 Audit Location Services AccessUnixCIS Apple macOS 12.0 Monterey v1.1.0 L2
2.6.1.1 Audit iCloud ConfigurationUnixCIS Apple macOS 10.14 v2.0.0 L2
5.1.2 Ensure System Integrity Protection Status (SIP) Is EnabledUnixCIS Apple macOS 12.0 Monterey v1.1.0 L1
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.16.4 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.17.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview buildsWindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview buildsWindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - EnabledWindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.102.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - EnabledWindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview buildsWindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - Disable preview buildsWindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - EnabledWindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.103.1.1 Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' - EnabledWindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
20.70 Ensure 'Windows PowerShell 2.0' is 'not installed'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.70 Ensure 'Windows PowerShell 2.0' is 'not installed'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.74 Ensure 'Windows PowerShell 2.0' is 'not installed'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
20.74 Ensure 'Windows PowerShell 2.0' is 'not installed'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0