CCI|CCI-000213

Title

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.1 Ensure bootloader password is set - password efi grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password efi user	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password user	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers efi	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.3 Ensure authentication required for single user mode	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.008 - Local volumes are not formatted using NTFS.	Windows	DISA Windows Vista STIG v6r41
3.027 - Printer share permissions are not configured as recommended.	Windows	DISA Windows Vista STIG v6r41
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r3
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Site v2r3 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r3 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Site v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Approved Authorization for Logical Access	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
CNTR-K8-000270 - The Kubernetes API Server must enable Node,RBAC as the authorization mode.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000300 - The Kubernetes Scheduler must have secure binding.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000330 - The Kubernetes Kubelet must have the 'readOnlyPort' flag disabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000350 - The Kubernetes API server must have the secure port set.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000410 - Kubernetes Worker Nodes must not have the sshd service enabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000420 - Kubernetes dashboard must not be enabled.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000430 - Kubernetes Kubectl cp command must give expected access and results.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods.	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - kubelet	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifest	Unix	DISA STIG Kubernetes v1r10
CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - kubelet	Unix	DISA STIG Kubernetes v1r10

Detections

Analytics

CCI|CCI-000213

Title

Reference Item Details

Audit Items