CCI|CCI-000366

Title

The organization implements the security configuration settings.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.WindowsDISA Windows Vista STIG v6r41
1.1.2 Ensure /tmp is configured - or equivalent.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.10 Ensure separate partition exists for /varUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.19 Ensure nosuid is set on users' home directories.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.22 Ensure nosuid option set on removable media partitionsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.23 Ensure noexec option is configured for NFS - NFS.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.24 Ensure nosuid option is set for NFS - NFS.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.26 Ensure all world-writable directories are group-owned.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - /bin/trueUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - blacklistUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.8 Ensure the version of the operating system is an active vendor supported releaseUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.3 Ensure AIDE is configured to verify ACLs - configUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.3 Ensure AIDE is configured to verify ACLs - installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.4 Ensure AIDE is configured to verify XATTRS - configUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.4 Ensure AIDE is configured to verify XATTRS - installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.3 Ensure address space layout randomization (ASLR) is enabled - configUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - inactiveUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - targetUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.7 Ensure kernel core dumps are disabled.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.8 Ensure DNS is servers are configured - immutableUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.8 Ensure DNS is servers are configured - nameserver 1UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.8 Ensure DNS is servers are configured - nameserver 2UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.8 Ensure DNS is servers are configured - no dnsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties.WindowsDISA Windows Vista STIG v6r41
1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet.WindowsDISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.WindowsDISA Windows Vista STIG v6r41
1.8.7 Ensure the graphical user Ctrl-Alt-Delete key sequence is disabledUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.16 Ensure automatic logon via GUI is not allowedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.17 Ensure unrestricted logon is not allowedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-openUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-open=falseUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount=falseUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-neverUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-never=trueUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.9 Ensure updates, patches, and additional security software are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.013 - System information backups are not created, updated, and protected according to DISA requirements.WindowsDISA Windows Vista STIG v6r41
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.WindowsDISA Windows Vista STIG v6r41
2.2.2 Ensure X11 Server components are not installed - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.2 Ensure X11 Server components are not installed - systemctlUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.22 Ensure TFTP daemon is configured to operate in secure mode - TFTP server is required, the TFTP daemon is configured to operate in secure mode.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.005 - Systems must be at supported service packs (SP) or releases levels.WindowsDISA Windows Vista STIG v6r41
2.014 - ACLs for disabled services do not conform to minimum standards.WindowsDISA Windows Vista STIG v6r41
2.019 - Security-related Software Patches are not applied.WindowsDISA Windows Vista STIG v6r41
2.021 - Remove Software Certificate Installation FilesWindowsDISA Windows Vista STIG v6r41