CAT|III
Title: DISA Severity Level 3
Description: Any vulnerability, the existence of which degrades measures to protect against loss of Confidentiality, Availability, or Integrity.
Reference Item Details
Reference: CAT - DISA Severity Level
Category: Severity Level
Audit Items
| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2 Ensure all configurations are made to the appropriate server profile | Unix | Redhat JBoss EAP 5.x |
| 1.4 Ensure Technology Preview components are disabled in production environments | Unix | Redhat JBoss EAP 5.x |
| 1.5 Disable Hot Deployment in production | Unix | Redhat JBoss EAP 5.x |
| 1.6 Production applications should not implement the default SRPVerifierStore interface for the Secure Remote Password (SRP) protocol | Unix | Redhat JBoss EAP 5.x |
| 1.9 Ensure appropriate DefaultDS is enabled | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb-plugin.jar' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb.jar' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/hsqldb-ds.xml' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/messaging/hsqldb-persistence-service.xml' | Unix | Redhat JBoss EAP 5.x |
| 1.12 Ensure HSQLDB Security Domain is removed - 'HsqlDbRealm = false' | Unix | Redhat JBoss EAP 5.x |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Vista STIG v6r41 |
| 1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin' | Unix | Redhat JBoss EAP 5.x |
| 1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Vista STIG v6r41 |
| 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = %d %-5p \[%c\] \(%t:%x\) %m%n' | Unix | Redhat JBoss EAP 5.x |
| 2.29 Production applications should not log output to the JBoss console - 'JBoss console output log = false' | Unix | Redhat JBoss EAP 5.x |
| 3.003 - System pagefile is cleared upon shutdown. | Windows | DISA Windows Vista STIG v6r41 |
| 3.004 - Secure Removable Media - CD-ROM | Windows | DISA Windows Vista STIG v6r41 |
| 3.006 - Floppy media devices are not allocated upon user logon. | Windows | DISA Windows Vista STIG v6r41 |
| 3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows Vista STIG v6r41 |
| 3.013 - Caching of logon credentials must be limited. | Windows | DISA Windows Vista STIG v6r41 |
| 3.014 - The Windows dialog box title for the legal banner must be configured. | Windows | DISA Windows Vista STIG v6r41 |
| 3.027 - Printer share permissions are not configured as recommended. | Windows | DISA Windows Vista STIG v6r41 |
| 3.029 - Print driver installation privilege is not restricted to administrators. | Windows | DISA Windows Vista STIG v6r41 |
| 3.044 - The computer account password is prevented from being reset. | Windows | DISA Windows Vista STIG v6r41 |
| 3.048 - The Recovery Console SET command must be disabled. | Windows | DISA Windows Vista STIG v6r41 |
| 3.054 - Users are not warned in advance that their passwords will expire. | Windows | DISA Windows Vista STIG v6r41 |
| 3.055 - The default permissions of Global system objects are not increased. | Windows | DISA Windows Vista STIG v6r41 |
| 3.084 - The system is configured to use an unauthorized time server. - 'NTPServer' | Windows | DISA Windows Vista STIG v6r41 |
| 3.084 - The system is configured to use an unauthorized time server. - 'Type' - Domain | Windows | DISA Windows Vista STIG v6r41 |
| 3.084 - The system is configured to use an unauthorized time server. - 'Type' - Non-domain | Windows | DISA Windows Vista STIG v6r41 |
| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | Windows | DISA Windows Vista STIG v6r41 |
| 3.094 - The system is configured to allow IP source routing. | Windows | DISA Windows Vista STIG v6r41 |
| 3.095 - The system is configured to redirect ICMP. | Windows | DISA Windows Vista STIG v6r41 |
| 3.097 - The system is configured for a greater keep-alive time than recommended. | Windows | DISA Windows Vista STIG v6r41 |
| 3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | Windows | DISA Windows Vista STIG v6r41 |
| 3.104 - The system is configured to detect and configure default gateway addresses. | Windows | DISA Windows Vista STIG v6r41 |
| 3.119 - The system is configured to allow the display of the last user name on the logon screen. | Windows | DISA Windows Vista STIG v6r41 |
| 3.126 - Hide Computer from the browse list. | Windows | DISA Windows Vista STIG v6r41 |
| 3.127 - IPSec Exemptions are limited. | Windows | DISA Windows Vista STIG v6r41 |
| 3.141 - User Account Control - Executable Elevation | Windows | DISA Windows Vista STIG v6r41 |
| 4.006 - Users must be forcibly disconnected when their logon hours expire. | Windows | DISA Windows Vista STIG v6r41 |
| 4.019 - Outdated or unused accounts must be removed from the system. | Windows | DISA Windows Vista STIG v6r41 |
| 4.024 - Local users must not exist on a system in a domain. | Windows | DISA Windows Vista STIG v6r41 |
| 4.028 - The amount of idle time required before suspending a session must be properly set. | Windows | DISA Windows Vista STIG v6r41 |
| 4.043 - The maximum age for machine account passwords is not set to requirements. | Windows | DISA Windows Vista STIG v6r41 |
| 4.045 - Domain Controller authentication is not required to unlock the workstation. | Windows | DISA Windows Vista STIG v6r41 |
| 5.098 - The system must limit how many times unacknowledged TCP data is retransmitted. | Windows | DISA Windows Vista STIG v6r41 |
| 5.102 - This check verifies that Windows is configured to have password protection take effect within a limited time frame. | Windows | DISA Windows Vista STIG v6r41 |
| 5.209 - Device Install - Drivers System Restore Point | Windows | DISA Windows Vista STIG v6r41 |