CAT|III
Title: DISA Severity Level 3
Description: Any vulnerability, the existence of which degrades measures to protect against loss of Confidentiality, Availability, or Integrity.
Reference Item Details
Reference: CAT - DISA Severity Level
Category: Severity Level
Audit Items
| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2 Ensure all configurations are made to the appropriate server profile | Unix | Redhat JBoss EAP 5.x |
| 1.4 Ensure Technology Preview components are disabled in production environments | Unix | Redhat JBoss EAP 5.x |
| 1.5 Disable Hot Deployment in production | Unix | Redhat JBoss EAP 5.x |
| 1.6 Production applications should not implement the default SRPVerifierStore interface for the Secure Remote Password (SRP) protocol | Unix | Redhat JBoss EAP 5.x |
| 1.9 Ensure appropriate DefaultDS is enabled | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb-plugin.jar' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/common/lib/hsqldb.jar' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/hsqldb-ds.xml' | Unix | Redhat JBoss EAP 5.x |
| 1.11 Ensure default HSQLDB is disabled - 'JBOSS_HOME/server/@PROFILE@/deploy/messaging/hsqldb-persistence-service.xml' | Unix | Redhat JBoss EAP 5.x |
| 1.12 Ensure HSQLDB Security Domain is removed - 'HsqlDbRealm = false' | Unix | Redhat JBoss EAP 5.x |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Vista STIG v6r41 |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Server 2008 MS STIG v6r46 |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Server 2008 DC STIG v6r47 |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows 7 STIG v1r32 |
| 1.013 - System information backups will be created, updated, and protected. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33 |
| 1.013 - System information backups will be created, updated, and protected. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34 |
| 1.14 - Ensure Oracle Database persistence plugin is set correctly - 'DatabasePersistencePlugin' | Unix | Redhat JBoss EAP 5.x |
| 1.016 - Security configuration tools are not being used to configure platforms for security compliance. | Windows | DISA Windows 7 STIG v1r32 |
| 1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Server 2008 MS STIG v6r46 |
| 1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Vista STIG v6r41 |
| 1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Server 2008 DC STIG v6r47 |
| 1.016 - Security configuration tools or equivalent processes will be used to configure platforms for security compliance. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34 |
| 1.016 - Security configuration tools or equivalent processes will be used to configure platforms for security compliance. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33 |
| 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = %d %-5p \[%c\] \(%t:%x\) %m%n' | Unix | Redhat JBoss EAP 5.x |
| 2.29 Production applications should not log output to the JBoss console - 'JBoss console output log = false' | Unix | Redhat JBoss EAP 5.x |
| 2.1022 - The system must mount /dev/shm with the nodev option. - fstab | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1022 - The system must mount /dev/shm with the nodev option. - mount | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1023 - The system must mount /dev/shm with the nosuid option. - fstab | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1023 - The system must mount /dev/shm with the nosuid option. - mount | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1024 - The system must mount /dev/shm with the noexec option. - fstab | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1024 - The system must mount /dev/shm with the noexec option. - mount | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1340 - The system must use a separate file system for /tmp (or equivalent). | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1600 - The system must be configured so that the file integrity tool is configured to verify Access Control Lists (ACLs) - installed | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.1610 - The system must be configured so that the file integrity tool is configured to verify extended attributes - installed | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 3.003 - System pagefile is cleared upon shutdown. | Windows | DISA Windows 7 STIG v1r32 |
| 3.003 - System pagefile is cleared upon shutdown. | Windows | DISA Windows Vista STIG v6r41 |
| 3.004 - Secure Removable Media - CD-ROM | Windows | DISA Windows Vista STIG v6r41 |
| 3.004 - Secure Removable Media - CD-ROM | Windows | DISA Windows 7 STIG v1r32 |
| 3.006 - Floppy media devices are not allocated upon user logon. | Windows | DISA Windows 7 STIG v1r32 |
| 3.006 - Floppy media devices are not allocated upon user logon. | Windows | DISA Windows Vista STIG v6r41 |
| 3.007 - The shutdown option will not be available from the logon dialog box. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34 |
| 3.007 - The shutdown option will not be available from the logon dialog box. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33 |
| 3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows 7 STIG v1r32 |
| 3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows Server 2008 DC STIG v6r47 |
| 3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows Vista STIG v6r41 |
| 3.007 - The system allows shutdown from the logon dialog box. | Windows | DISA Windows Server 2008 MS STIG v6r46 |
| 3.013 - Caching of logon credentials must be limited. | Windows | DISA Windows 7 STIG v1r32 |
| 3.013 - Caching of logon credentials must be limited. | Windows | DISA Windows Server 2008 DC STIG v6r47 |
| 3.013 - Caching of logon credentials must be limited. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33 |