Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001084
CCI
CCI|CCI-001084
Title
The information system isolates security functions from nonsecurity functions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.130 - User Account Control - Behavior of elevation prompt for administrators
Windows
DISA Windows Vista STIG v6r41
3.132 - User Account Control - Detect Application Installations
Windows
DISA Windows Vista STIG v6r41
3.134 - User Account Control - Elevate UIAccess applications that are in secure locations
Windows
DISA Windows Vista STIG v6r41
3.135 - User Account Control - Switch to secure desktop
Windows
DISA Windows Vista STIG v6r41
3.136 - User Account Control - Non UAC Compliant Application Virtualization
Windows
DISA Windows Vista STIG v6r41
3.141 - User Account Control - Executable Elevation
Windows
DISA Windows Vista STIG v6r41
5.132 - Require username and password to elevate a running application.
Windows
DISA Windows Vista STIG v6r41
AS24-U2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.
Unix
DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.
Unix
DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Catalina v1.5.0 - All Profiles
CNTR-K8-001620 - Kubernetes Kubelet must enable kernel protection.
Unix
DISA STIG Kubernetes v1r11
DB2X-00-005500 - DB2 must isolate security functions from non-security functions
IBM_DB2DB
DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.
Windows
DISA STIG IE 11 v2r4
DTBI485-IE11 - Protected Mode must be enforced (Internet zone).
Windows
DISA STIG IE 11 v2r4
DTBI490-IE11 - Protected Mode must be enforced (Restricted Sites zone).
Windows
DISA STIG IE 11 v2r4
DTBI610-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (Reserved).
Windows
DISA STIG IE 11 v2r4
DTBI612-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (Explorer).
Windows
DISA STIG IE 11 v2r4
DTBI614-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (iexplore).
Windows
DISA STIG IE 11 v2r4
EP11-00-005800 - The EDB Postgres Advanced Server must isolate security functions from non-security functions.
PostgreSQLDB
EDB PostgreSQL Advanced Server v11 DB Audit v2r3
IIST-SI-000224 - The IIS 10.0 website document directory must be in a separate partition from the IIS 10.0 websites system files.
Windows
DISA IIS 10.0 Site v2r9
IISW-SI-000224 - The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.
Windows
DISA IIS 8.5 Site v2r9
MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
MongoDB
DISA STIG MongoDB Enterprise Advanced 3.x v2r1 DB
Monterey - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure the System to Separate User and System Functionality - isolate
Unix
NIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-006500 - The MySQL Database Server 8.0 must isolate security functions from non-security functions.
MySQLDB
DISA Oracle MySQL 8.0 v1r5 DB
O112-C2-004100 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
OracleDB
DISA STIG Oracle 11.2g v2r3 Database
O112-C2-018500 - The DBMS must isolate security functions from non-security functions by means of separate security domains.
OracleDB
DISA STIG Oracle 11.2g v2r3 Database
O121-C2-004100 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
OracleDB
DISA STIG Oracle 12c v2r9 Database
O121-C2-018500 - The DBMS must isolate security functions from nonsecurity functions by means of separate security domains.
OracleDB
DISA STIG Oracle 12c v2r9 Database
OH12-1X-000281 - OHS must have the DocumentRoot directive set to a separate partition from the OHS system files.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000282 - OHS must have the Directory directive accompanying the DocumentRoot directive set to a separate partition from the OHS system files.
Unix
DISA STIG Oracle HTTP Server 12.1.3 v2r2
OL08-00-010170 - OL 8 must use a Linux Security Module configured to enforce limits on system services.
Unix
DISA Oracle Linux 8 STIG v1r9
OL08-00-010171 - OL 8 must have the 'policycoreutils' package installed.
Unix
DISA Oracle Linux 8 STIG v1r9
OL08-00-010421 - OL 8 must clear the page allocator to prevent use-after-free attacks.
Unix
DISA Oracle Linux 8 STIG v1r9
OL08-00-010422 - OL 8 must disable virtual syscalls.
Unix
DISA Oracle Linux 8 STIG v1r9
OL08-00-010423 - OL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.
Unix
DISA Oracle Linux 8 STIG v1r9
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ custom tables
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ information_schema
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ pg_catalog
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp custom tables
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp information_schema
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp pg_catalog
Unix
DISA STIG PostgreSQL 9.x on RHEL OS v2r3
