CAT|II
Title: DISA Severity Level 2
Description: Any vulnerability, the exploitation of which has a potential to result in loss of Confidentiality, Availability, or Integrity.
Reference Item Details
Reference: CAT - DISA Severity Level
Category: Severity Level
Audit Items
Name | Plugin | Audit Name
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Vista STIG v6r41
1.7 Declare an EJB authorization policy for deployed applications | Unix | Redhat JBoss EAP 5.x
1.008 - Shared user accounts are permitted on the system. | Windows | DISA Windows Vista STIG v6r41
1.15 - Ensure IBM JRE 1.6 is configured correctly - 'policy.provider = sun.security.provider.PolicyFile' | Unix | Redhat JBoss EAP 5.x
1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS password != empty' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS principal != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS userName != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jbossws-users.properties - kermit' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console password != empty' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console principal != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console userName != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console-users.properties - admin' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'messaging-users.properties - guest' | Unix | Redhat JBoss EAP 5.x
1.20 - Remove default roles from production servers - 'admin-console default role != JBossAdmin|HttpInvoker|friend|guest' | Unix | Redhat JBoss EAP 5.x
1.20 - Remove default roles from production servers - 'console-mgr default role != JBossAdmin|HttpInvoker|friend|guest' | Unix | Redhat JBoss EAP 5.x
1.20 - Remove default roles from production servers - 'jmx-console default role != JBossAdmin|HttpInvoker|friend|guest' | Unix | Redhat JBoss EAP 5.x
1.22 DefaultCacheTimeout must be configured properly for active security domains - 'DefaultCacheTimeout <= 1800' | Unix | Redhat JBoss EAP 5.x
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx | Windows | DISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx | Windows | DISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx | Windows | DISA Windows Vista STIG v6r41
2.1 Configure Java Security Manager to use an environment specific policy - 'JAVA_OPTS -Djava.security.manager -Djava.security.policy' | Unix | Redhat JBoss EAP 5.x
2.006 - ACLs for system files and directories do not conform to minimum requirements. - 'C:' | Windows | DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Program Files' | Windows | DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Windows' | Windows | DISA Windows Vista STIG v6r41
2.014 - ACLs for disabled services do not conform to minimum standards. | Windows | DISA Windows Vista STIG v6r41
2.015 - File share ACLs have not been reconfigured to remove the Everyone group. | Windows | DISA Windows Vista STIG v6r41
2.019 - Security-related Software Patches are not applied. | Windows | DISA Windows Vista STIG v6r41
2.021 - Remove Software Certificate Installation Files | Windows | DISA Windows Vista STIG v6r41
2.23 Ensure Security Audit Appender is enabled - 'Audit Appender = true' | Unix | Redhat JBoss EAP 5.x
2.24 Ensure Security Audit Provider is enabled - 'Audit Provider = true' | Unix | Redhat JBoss EAP 5.x
2.25 Ensure Configure SecurityInterceptor logging level is set correctly - 'org.jboss.ejb.plugins.SecurityInterceptor = true' | Unix | Redhat JBoss EAP 5.x
2.26 Ensure logging is enabled for Microcontainer bootstrap operations - 'SecurityInterceptor logging level = true' | Unix | Redhat JBoss EAP 5.x
2.27 - Ensure logging is enabled for web-based requests if required by deployed applications - 'AccessLogValve = true' | Unix | Redhat JBoss EAP 5.x
2.31 - Deny the JBoss process owner console access | Unix | Redhat JBoss EAP 5.x
2.32/2.33 - Set JBoss file ownership/permissions | Unix | Redhat JBoss EAP 5.x
3.011 - The required legal notice must be configured to display before console logon. | Windows | DISA Windows Vista STIG v6r41
3.028 - The built-in Windows password complexity policy must be enabled. | Windows | DISA Windows Vista STIG v6r41
3.032 - Ctrl+Alt+Del security attention sequence is Disabled. | Windows | DISA Windows Vista STIG v6r41
3.034 - Unencrypted passwords must not be sent to third-party SMB Servers. | Windows | DISA Windows Vista STIG v6r41
3.040 - Automatic logons must be disabled. | Windows | DISA Windows Vista STIG v6r41
3.042 - Outgoing secure channel traffic is not signed when possible. | Windows | DISA Windows Vista STIG v6r41
3.043 - Outgoing secure channel traffic is not encrypted when possible. | Windows | DISA Windows Vista STIG v6r41
3.045 - The Windows SMB client is not enabled to perform SMB packet signing when possible. | Windows | DISA Windows Vista STIG v6r41
3.046 - The Windows SMB server is not enabled to perform SMB packet signing when possible. | Windows | DISA Windows Vista STIG v6r41
3.047 - The Smart Card removal option is set to take no action. | Windows | DISA Windows Vista STIG v6r41
3.052 - Ejection of removable NTFS media is not restricted to Administrators. | Windows | DISA Windows Vista STIG v6r41
3.057 - Reversible password encryption is not disabled. | Windows | DISA Windows Vista STIG v6r41
3.070 - The system is configured to permit storage of credentials or .NET Passports. | Windows | DISA Windows Vista STIG v6r41