CCI|CCI-000382

Title

The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.5.3.2.3 Ensure iptables rules exist for all open ports - PPSM CLSA and vulnerability assessments.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003088 - If Stream Control Transmission Protocol (SCTP) must be disabled on AIX.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003089 - The Reliable Datagram Sockets (RDS) protocol must be disabled on AIX.	Unix	DISA STIG AIX 7.x v2r9
AMLS-NM-000210 - The Arista Multilayer Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r3
AOSX-13-000530 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000975 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-12-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-13-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-13-002022 - The macOS system must be configured to disable Remote Apple Events.	Unix	DISA STIG Apple macOS 13 v1r3
ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v1r1
AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000360 - The Apache web server must be configured to use a specified IP address and port	Unix	DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000360 - The Apache web server must be configured to use a specified IP address and port.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000360 - The Apache web server must be configured to use a specified IP address and port.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - IP or Port Only	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - Zero IPs Only	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000360 - The Apache web server must be configured to use a specified IP address and port - IP or Port Only	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000360 - The Apache web server must be configured to use a specified IP address and port - Zero IPs Only	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Remote Apple Events	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
BIND-9X-001053 - The BIND 9.x server implementation must be configured to use only approved ports and protocols.	Unix	DISA BIND 9.x STIG v2r2
CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - HTTP	Cisco	DISA STIG Cisco ASA NDM v1r6
CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - Telnet	Cisco	DISA STIG Cisco ASA NDM v1r6
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations - Interface	Cisco	DISA STIG Cisco ASA VPN v1r3
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations - IPsec Phase	Cisco	DISA STIG Cisco ASA VPN v1r3

Detections

Analytics

CCI|CCI-000382

Title

Reference Item Details

Audit Items