800-53|SA-22

Title

UNSUPPORTED SYSTEM COMPONENTS

Description

The organization:

Supplemental

Support for information system components includes, for example, software patches, firmware updates, replacement parts, and maintenance contracts. Unsupported components (e.g., when vendors are no longer providing critical software patches), provide a substantial opportunity for adversaries to exploit new weaknesses discovered in the currently installed components. Exceptions to replacing unsupported system components may include, for example, systems that provide critical mission/business capability where newer technologies are not available or where the systems are so isolated that installing replacement components is not an option.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PL-2,SA-3

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 (L1) Host hardware must have auditable, authentic, and up to date system and device firmware	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2022 Database L1 AWS RDS v1.1.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2022 Database L1 DB v1.1.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2017 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2019 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2019 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2017 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2016 Database L1 DB v1.4.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2016 Database L1 AWS RDS v1.4.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 3.6 Database Audit L1 v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Webserver
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Loadbalancer
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Proxy
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Webserver
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Proxy
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Loadbalancer
1.2 (L1) Ensure the Image Profile VIB acceptance level is configured properly	Unix	CIS VMware ESXi 7.0 v1.4.0 L1 Bare Metal
1.2 Ensure the Image Profile VIB acceptance level is configured properly	Unix	CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.2.33 Ensure unsupported configuration overrides are not used	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.3 (L1) Ensure no unauthorized kernel modules are loaded on the host	Unix	CIS VMware ESXi 7.0 v1.4.0 L1 Bare Metal
1.3 Ensure no unauthorized kernel modules are loaded on the host	Unix	CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.5 Ensure the Latest Security Patches are Applied	PostgreSQLDB	CIS PostgreSQL 13 DB v1.2.0
1.5 Ensure the Latest Security Patches are Applied	PostgreSQLDB	CIS PostgreSQL 14 DB v 1.2.0
1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.119 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v2.0.0
2.1 (L1) Host must run software that has not reached End of General Support status	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher	Unix	CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - daemon	Unix	CIS Apple macOS 10.14 v2.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-check	Unix	CIS Apple macOS 10.14 v2.0.0 L1
4.1 Ensure the Latest Security Patches are Applied	Unix	CIS MariaDB 10.6 on Linux L1 v1.1.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.6 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.7 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.6 Enterprise Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.7 Enterprise Database L1 v2.0.0
4.2 Ensure device is not obviously jailbroken or compromised	MDM	AirWatch - CIS Apple iOS 17 Institution Owned L1
4.11 Ensure only verified packages are installed	Unix	CIS Docker v1.6.0 L2 Docker Linux
4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects	GCP	CIS Google Cloud Platform v3.0.0 L2
20.3 (L1) Ensure 'Microsoft Internet Explorer is not installed on the system'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
20.41 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
20.41 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS
20.42 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.42 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS

Detections

Analytics