800-53|SI-16

Title

MEMORY PROTECTION

Description

The information system implements [Assignment: organization-defined security safeguards] to protect its memory from unauthorized code execution.

Supplemental

Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.

Reference Item Details

Related: AC-25,SC-3

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.17.1 (L1) Ensure 'Block pop-ups from websites' is set to 'Enabled' | Windows | CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.4.2 Ensure XD/NX support is enabled | Unix | CIS Google Container-Optimized OS v1.2.0 L1 Server
1.4.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Google Container-Optimized OS v1.2.0 L1 Server
1.5.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Amazon Linux v2.1.0 L1
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 9 Server L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 8 Server L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Amazon Linux v2.1.0 L1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 9 Server L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 8 Server L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Amazon Linux v2.1.0 L1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.5.3 Ensure address space layout randomization (ASLR) is enabled (sysctl.conf/sysctl.d) | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled (sysctl.conf/sysctl.d) | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.6.1 Ensure XD/NX support is enabled | Unix | CIS Debian Family Workstation L1 v1.0.0
1.6.1 Ensure XD/NX support is enabled | Unix | CIS Debian Family Server L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian Family Server L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian Family Server L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure XD/NX support is enabled | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.6.2 Ensure XD/NX support is enabled | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Server
1.6.2 Ensure XD/NX support is enabled | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.6.2 Ensure XD/NX support is enabled | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Workstation
1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2 | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.6.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS SUSE Linux Enterprise 12 v3.2.0 L1 Server