CCI|CCI-000213

Title

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.1 Ensure bootloader password is set - password efi grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password efi userUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password userUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers efiUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.3 Ensure authentication required for single user modeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers accountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.008 - Local volumes are not formatted using NTFS.WindowsDISA Windows Vista STIG v6r41
3.027 - Printer share permissions are not configured as recommended.WindowsDISA Windows Vista STIG v6r41
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are providedUnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are providedUnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Approved Authorization for Logical AccessUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CNTR-K8-000270 - The Kubernetes API Server must enable Node,RBAC as the authorization mode.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000300 - The Kubernetes Scheduler must have secure binding.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000330 - The Kubernetes Kubelet must have the 'readOnlyPort' flag disabled - readOnlyPort flag disabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000350 - The Kubernetes API server must have the secure port set.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000410 - Kubernetes Worker Nodes must not have the sshd service enabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000420 - Kubernetes dashboard must not be enabled.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000430 - Kubernetes Kubectl cp command must give expected access and results.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods.UnixDISA STIG Kubernetes v1r11
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - kubeletUnixDISA STIG Kubernetes v1r11
CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifestUnixDISA STIG Kubernetes v1r11
CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - kubeletUnixDISA STIG Kubernetes v1r11
CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - manifestUnixDISA STIG Kubernetes v1r11
CNTR-K8-000470 - The Kubernetes API server must have Alpha APIs disabled.UnixDISA STIG Kubernetes v1r11