800-53|SA-22

Title

UNSUPPORTED SYSTEM COMPONENTS

Description

The organization:

Supplemental

Support for information system components includes, for example, software patches, firmware updates, replacement parts, and maintenance contracts. Unsupported components (e.g., when vendors are no longer providing critical software patches), provide a substantial opportunity for adversaries to exploit new weaknesses discovered in the currently installed components. Exceptions to replacing unsupported system components may include, for example, systems that provide critical mission/business capability where newer technologies are not available or where the systems are so isolated that installing replacement components is not an option.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PL-2,SA-3

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2022 Database L1 AWS RDS v1.0.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2019 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2022 Database L1 DB v1.0.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2017 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2017 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed	MS_SQLDB	CIS SQL Server 2019 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2016 Database L1 AWS RDS v1.4.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2016 Database L1 DB v1.4.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 3.6 Database Audit L1 v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Loadbalancer
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Proxy
1.1.1 Ensure NGINX is installed	Unix	CIS NGINX Benchmark v2.0.1 L1 Webserver
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Proxy
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Webserver
1.1.2 Ensure NGINX is installed from source	Unix	CIS NGINX Benchmark v2.0.1 L2 Loadbalancer
1.2 Ensure the Image Profile VIB acceptance level is configured properly	Unix	CIS VMware ESXi 7.0 v1.3.0 Level 1 Bare Metal
1.2 Ensure the Image Profile VIB acceptance level is configured properly	Unix	CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.2 Verify Image Profile and VIB Acceptance Levels	VMware	CIS VMware ESXi 5.5 v1.2.0 Level 1
1.2 Verify Image Profile and VIB Acceptance Levels	VMware	CIS VMware ESXi 5.1 v1.0.1 Level 1
1.2.33 Ensure unsupported configuration overrides are not used	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.3 Ensure no unauthorized kernel modules are loaded on the host	Unix	CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.3 Ensure no unauthorized kernel modules are loaded on the host	Unix	CIS VMware ESXi 7.0 v1.3.0 Level 1 Bare Metal
1.3 Verify no unauthorized kernel modules are loaded on the host	VMware	CIS VMware ESXi 5.5 v1.2.0 Level 1
1.3 Verify no unauthorized kernel modules are loaded on the host	VMware	CIS VMware ESXi 5.1 v1.0.1 Level 1
1.5 Ensure that VDS Netflow traffic is only being sent to authorized collector IP Addresses	VMware	CIS VMware ESXi 5.1 v1.0.1 Level 1
1.6 Restrict port-level configuration overrides on vDS	VMware	CIS VMware ESXi 5.1 v1.0.1 Level 1
1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.119 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v2.0.0
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - valid	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - daemon	Unix	CIS Apple macOS 10.14 v2.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-check	Unix	CIS Apple macOS 10.14 v2.0.0 L1
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.7 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.7 Enterprise Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	Unix	CIS MariaDB 10.6 on Linux L1 v1.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.6 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are Applied	MySQLDB	CIS MySQL 5.6 Enterprise Database L1 v2.0.0
4.11 Ensure only verified packages are installed	Unix	CIS Docker v1.6.0 L2 Docker Linux
4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects	GCP	CIS Google Cloud Platform v2.0.0 L2
20.3 Ensure 'Microsoft Internet Explorer is not installed on the system'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
20.41 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.41 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.42 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
20.42 Ensure 'Operating System is maintained at a supported servicing level'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0

Detections

Analytics