CCI|CCI-001090

Title

The information system prevents unauthorized and unintended information transfer via shared system resources.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

Name	Plugin	Audit Name
2.015 - File share ACLs have not been reconfigured to remove the Everyone group.	Windows	DISA Windows Vista STIG v6r41
3.018 - Anonymous shares are not restricted. - RestrictAnonymous	Windows	DISA Windows Vista STIG v6r41
3.018 - Anonymous shares are not restricted. - RestrictAnonymousSAM	Windows	DISA Windows Vista STIG v6r41
3.063 - Unauthorized named pipes are accessible with anonymous credentials.	Windows	DISA Windows Vista STIG v6r41
3.064 - Unauthorized registry paths are remotely accessible.	Windows	DISA Windows Vista STIG v6r41
3.065 - Unauthorized shares can be accessed anonymously.	Windows	DISA Windows Vista STIG v6r41
3.068 - Solicited Remote Assistance is allowed.	Windows	DISA Windows Vista STIG v6r41
3.072 - The system is not configured to use the Classic security model.	Windows	DISA Windows Vista STIG v6r41
3.082 - The system is configured to allow unsolicited remote assistance offers.	Windows	DISA Windows Vista STIG v6r41
3.108 - Unauthorized registry paths and sub-paths are remotely accessible.	Windows	DISA Windows Vista STIG v6r41
3.116 - Named Pipes and Shares can be accessed anonymously.	Windows	DISA Windows Vista STIG v6r41
5.118 - Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers.	Windows	DISA Windows Vista STIG v6r41
AOSX-13-000240 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-000001 - A BIND 9.x server implementation must be running in a chroot(ed) directory structure.	Unix	DISA BIND 9.x STIG v2r2
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
DB2X-00-005600 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
EP11-00-005900 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r2
EP11-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
GEN002280 - Device files and directories must only be writable by users with a system account or as configured by the vendor.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/audio*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/snd/*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002330 - Audio devices must not have extended ACLs - '/dev/audio*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002330 - Audio devices must not have extended ACLs - '/dev/snd/*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002340 - Audio devices must be owned by root - '/dev/audio*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002340 - Audio devices must be owned by root - '/dev/snd/*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002360 - Audio devices must be group-owned by root, sys, bin, or system - '/dev/audio*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002360 - Audio devices must be group-owned by root, sys, bin, or system - '/dev/snd/*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002420 - Removable media, remote file systems, and any file system not containing approved setuid files must be mounted with the nosuid option - nosuid option.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002520 - All public directories must be owned by root or an application account.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002540 - All public directories must be group-owned by root, sys, bin, or an application group.	Unix	DISA STIG for Oracle Linux 5 v2r1

Detections

Analytics

CCI|CCI-001090

Title

Reference Item Details

Audit Items