CAT|III

Title

DISA Severity Level 3

Description

Any vulnerability, the existence of which degrades measures to protect against loss of Confidentiality, Availability, or Integrity.

Reference Item Details

Category: Severity Level

Audit Items


Name | Plugin | Audit Name
1.2 Ensure all configurations are made to the appropriate server profile | Unix | Redhat JBoss EAP 5.x
1.4 Ensure Technology Preview components are disabled in production environments | Unix | Redhat JBoss EAP 5.x
1.5 Disable Hot Deployment in production | Unix | Redhat JBoss EAP 5.x
1.6 Production applications should not implement the default SRPVerifierStore interface for the Secure Remote Password (SRP) protocol | Unix | Redhat JBoss EAP 5.x
1.9 Ensure appropriate DefaultDS is enabled | Unix | Redhat JBoss EAP 5.x
1.11 Ensure default HSQLDB is disabled | Unix | Redhat JBoss EAP 5.x
1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb-plugin.jar' | Unix | Redhat JBoss EAP 5.x
1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb.jar' | Unix | Redhat JBoss EAP 5.x
1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/hsqldb-ds.xml' | Unix | Redhat JBoss EAP 5.x
1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/messaging/hsqldb-persistence-service.xml' | Unix | Redhat JBoss EAP 5.x
1.12 Ensure HSQLDB Security Domain is removed - 'HsqlDbRealm = false' | Unix | Redhat JBoss EAP 5.x
1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Vista STIG v6r41
1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin' | Unix | Redhat JBoss EAP 5.x
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Vista STIG v6r41
2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = %d %-5p \[%c\] \(%t:%x\) %m%n' | Unix | Redhat JBoss EAP 5.x
2.29 Production applications should not log output to the JBoss console - 'JBoss console output log = false' | Unix | Redhat JBoss EAP 5.x
3.003 - System pagefile is cleared upon shutdown. | Windows | DISA Windows Vista STIG v6r41
3.004 - Secure Removable Media - CD-ROM | Windows | DISA Windows Vista STIG v6r41
3.006 - Floppy media devices are not allocated upon user logon. | Windows | DISA Windows Vista STIG v6r41
3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows Vista STIG v6r41
3.013 - Caching of logon credentials must be limited. | Windows | DISA Windows Vista STIG v6r41
3.014 - The Windows dialog box title for the legal banner must be configured. | Windows | DISA Windows Vista STIG v6r41
3.027 - Printer share permissions are not configured as recommended. | Windows | DISA Windows Vista STIG v6r41
3.029 - Print driver installation privilege is not restricted to administrators. | Windows | DISA Windows Vista STIG v6r41
3.044 - The computer account password is prevented from being reset. | Windows | DISA Windows Vista STIG v6r41
3.048 - The Recovery Console SET command must be disabled. | Windows | DISA Windows Vista STIG v6r41
3.054 - Users are not warned in advance that their passwords will expire. | Windows | DISA Windows Vista STIG v6r41
3.055 - The default permissions of Global system objects are not increased. | Windows | DISA Windows Vista STIG v6r41
3.084 - The system is configured to use an unauthorized time server. - 'NTPServer' | Windows | DISA Windows Vista STIG v6r41
3.084 - The system is configured to use an unauthorized time server. - 'Type' - Domain | Windows | DISA Windows Vista STIG v6r41
3.084 - The system is configured to use an unauthorized time server. - 'Type' - Non-domain | Windows | DISA Windows Vista STIG v6r41
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | Windows | DISA Windows Vista STIG v6r41
3.094 - The system is configured to allow IP source routing. | Windows | DISA Windows Vista STIG v6r41
3.095 - The system is configured to redirect ICMP. | Windows | DISA Windows Vista STIG v6r41
3.097 - The system is configured for a greater keep-alive time than recommended. | Windows | DISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | Windows | DISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses. | Windows | DISA Windows Vista STIG v6r41
3.119 - The system is configured to allow the display of the last user name on the logon screen. | Windows | DISA Windows Vista STIG v6r41
3.126 - Hide Computer from the browse list. | Windows | DISA Windows Vista STIG v6r41
3.127 - IPSec Exemptions are limited. | Windows | DISA Windows Vista STIG v6r41
3.141 - User Account Control - Executable Elevation | Windows | DISA Windows Vista STIG v6r41
4.006 - Users must be forcibly disconnected when their logon hours expire. | Windows | DISA Windows Vista STIG v6r41
4.019 - Outdated or unused accounts must be removed from the system. | Windows | DISA Windows Vista STIG v6r41
4.024 - Local users must not exist on a system in a domain. | Windows | DISA Windows Vista STIG v6r41
4.028 - The amount of idle time required before suspending a session must be properly set. | Windows | DISA Windows Vista STIG v6r41
4.043 - The maximum age for machine account passwords is not set to requirements. | Windows | DISA Windows Vista STIG v6r41
4.045 - Domain Controller authentication is not required to unlock the workstation. | Windows | DISA Windows Vista STIG v6r41
5.098 - The system must limit how many times unacknowledged TCP data is retransmitted. | Windows | DISA Windows Vista STIG v6r41
5.102 - This check verifies that Windows is configured to have password protection take effect within a limited time frame. | Windows | DISA Windows Vista STIG v6r41
5.209 - Device Install - Drivers System Restore Point | Windows | DISA Windows Vista STIG v6r41