Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-000366
CCI
CCI|CCI-000366
Title
The organization implements the security configuration settings.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.
Windows
DISA Windows 7 STIG v1r32
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.
Windows
DISA Windows Vista STIG v6r41
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.001 - The Automated Information System (AIS) will be physically secured in an access controlled area.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.001 - The Automated Information System (AIS) will be physically secured in an access controlled area.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties.
Windows
DISA Windows Vista STIG v6r41
1.006 - Users with administrative privilege must be documented and have separate accounts for administrative duties and normal operational tasks.
Windows
DISA Windows 7 STIG v1r32
1.006 - Users with Administrative privilege will be documented and have separate accounts for administrative duties and normal operational tasks.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.006 - Users with Administrative privilege will be documented and have separate accounts for administrative duties and normal operational tasks.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.
Windows
DISA Windows 7 STIG v1r32
1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet.
Windows
DISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows 7 STIG v1r32
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.007 - Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.007 - Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.013 - System information backups are not created, updated, and protected according to DISA requirements.
Windows
DISA Windows Vista STIG v6r41
1.013 - System information backups are not created, updated, and protected according to DISA requirements.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.013 - System information backups are not created, updated, and protected according to DISA requirements.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.013 - System information backups are not created, updated, and protected according to DISA requirements.
Windows
DISA Windows 7 STIG v1r32
1.013 - System information backups will be created, updated, and protected.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.013 - System information backups will be created, updated, and protected.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.016 - Security configuration tools are not being used to configure platforms for security compliance.
Windows
DISA Windows 7 STIG v1r32
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
Windows
DISA Windows Vista STIG v6r41
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.016 - Security configuration tools or equivalent processes will be used to configure platforms for security compliance.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.016 - Security configuration tools or equivalent processes will be used to configure platforms for security compliance.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.024 - System files are not checked for unauthorized changes.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.024 - System files are not checked for unauthorized changes.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.024 - System files will be monitored for unauthorized changes.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.024 - System files will be monitored for unauthorized changes.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.025 - A Server does not have a host-based Intrusion Detection System.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.025 - A Server does not have a host-based Intrusion Detection System.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.025 - Servers will have a host-based Intrusion Detection System.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.025 - Servers will have a host-based Intrusion Detection System.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.029 - Audit logs will be reviewed on a daily basis.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
1.029 - Audit logs will be reviewed on a daily basis.
Windows
DISA Windows Server 2008 R2 MS STIG v1r33
1.029 - There is no local policy for reviewing audit logs.
Windows
DISA Windows Server 2008 MS STIG v6r46
1.029 - There is no local policy for reviewing audit logs.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.032 - Audit data must be retained for at least one year.
Windows
DISA Windows Server 2008 DC STIG v6r47
1.032 - Audit data must be retained for at least one year.
Windows
DISA Windows Server 2008 R2 DC STIG v1r34
