CCI|CCI-000213

Title

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.1 Ensure bootloader password is set - password efi grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password efi userUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password userUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers efiUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.3 Ensure authentication required for single user modeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers accountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.008 - Local volumes are not formatted using NTFS.WindowsDISA Windows Vista STIG v6r41
3.027 - Printer share permissions are not configured as recommended.WindowsDISA Windows Vista STIG v6r41
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CNTR-K8-000270 - The Kubernetes API Server must enable Node,RBAC as the authorization mode.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000300 - The Kubernetes Scheduler must have secure binding.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000330 - The Kubernetes Kubelet must have the read-only port flag disabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000350 - The Kubernetes API server must have the secure port set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000410 - Kubernetes Worker Nodes must not have the sshd service enabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000420 - Kubernetes dashboard must not be enabled.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000430 - Kubernetes Kubectl cp command must give expected access and results.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000440 - The Kubernetes kubelet static PodPath must not enable static pods.UnixDISA STIG Kubernetes v1r5
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - kubeletUnixDISA STIG Kubernetes v1r5
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifestUnixDISA STIG Kubernetes v1r5
CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - kubeletUnixDISA STIG Kubernetes v1r5