800-53|SA-22

Title

UNSUPPORTED SYSTEM COMPONENTS

Description

The organization:

Supplemental

Support for information system components includes, for example, software patches, firmware updates, replacement parts, and maintenance contracts. Unsupported components (e.g., when vendors are no longer providing critical software patches), provide a substantial opportunity for adversaries to exploit new weaknesses discovered in the currently installed components. Exceptions to replacing unsupported system components may include, for example, systems that provide critical mission/business capability where newer technologies are not available or where the systems are so isolated that installing replacement components is not an option.

Reference Item Details

Related: PL-2,SA-3

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P0

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 (L1) Host hardware must have auditable, authentic, and up to date system and device firmwareVMwareCIS VMware ESXi 8.0 v1.1.0 L1
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2019 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2019 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.1.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2022 Database L1 DB v1.1.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.6 Database Audit L1 v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.0.1 L1 Loadbalancer
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.0.1 L1 Proxy
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.0.1 L1 Webserver
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.0.1 L2 Webserver
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.0.1 L2 Loadbalancer
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.0.1 L2 Proxy
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 7.0 v1.3.0 Level 1 Bare Metal
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.2 Verify Image Profile and VIB Acceptance LevelsVMwareCIS VMware ESXi 5.1 v1.0.1 Level 1
1.2 Verify Image Profile and VIB Acceptance LevelsVMwareCIS VMware ESXi 5.5 v1.2.0 Level 1
1.2.33 Ensure unsupported configuration overrides are not usedOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.3 Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.3 Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 7.0 v1.3.0 Level 1 Bare Metal
1.3 Verify no unauthorized kernel modules are loaded on the hostVMwareCIS VMware ESXi 5.5 v1.2.0 Level 1
1.3 Verify no unauthorized kernel modules are loaded on the hostVMwareCIS VMware ESXi 5.1 v1.0.1 Level 1
1.5 Ensure that VDS Netflow traffic is only being sent to authorized collector IP AddressesVMwareCIS VMware ESXi 5.1 v1.0.1 Level 1
1.5 Ensure the Latest Security Patches are AppliedPostgreSQLDBCIS PostgreSQL 13 DB v1.2.0
1.5 Ensure the Latest Security Patches are AppliedPostgreSQLDBCIS PostgreSQL 14 DB v 1.2.0
1.6 Restrict port-level configuration overrides on vDSVMwareCIS VMware ESXi 5.1 v1.0.1 Level 1
1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.119 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'WindowsCIS Microsoft Edge L1 v2.0.0
2.1 (L1) Host must run software that has not reached End of General Support statusVMwareCIS VMware ESXi 8.0 v1.1.0 L1
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higherUnixCIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularlyUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularlyUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularlyUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - validUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - validUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - validUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - daemonUnixCIS Apple macOS 10.14 v2.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-checkUnixCIS Apple macOS 10.14 v2.0.0 L1
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.7 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.7 Enterprise Database L1 v2.0.0
20.3 Ensure 'Microsoft Internet Explorer is not installed on the system'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
20.41 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.41 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0