Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001090
CCI
CCI|CCI-001090
Title
The information system prevents unauthorized and unintended information transfer via shared system resources.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
2.015 - File share ACLs have not been reconfigured to remove the Everyone group.
Windows
DISA Windows Vista STIG v6r41
3.018 - Anonymous shares are not restricted. - RestrictAnonymous
Windows
DISA Windows Vista STIG v6r41
3.018 - Anonymous shares are not restricted. - RestrictAnonymousSAM
Windows
DISA Windows Vista STIG v6r41
3.063 - Unauthorized named pipes are accessible with anonymous credentials.
Windows
DISA Windows Vista STIG v6r41
3.064 - Unauthorized registry paths are remotely accessible.
Windows
DISA Windows Vista STIG v6r41
3.065 - Unauthorized shares can be accessed anonymously.
Windows
DISA Windows Vista STIG v6r41
3.068 - Solicited Remote Assistance is allowed.
Windows
DISA Windows Vista STIG v6r41
3.072 - The system is not configured to use the Classic security model.
Windows
DISA Windows Vista STIG v6r41
3.082 - The system is configured to allow unsolicited remote assistance offers.
Windows
DISA Windows Vista STIG v6r41
3.108 - Unauthorized registry paths and sub-paths are remotely accessible.
Windows
DISA Windows Vista STIG v6r41
3.116 - Named Pipes and Shares can be accessed anonymously.
Windows
DISA Windows Vista STIG v6r41
5.118 - Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers.
Windows
DISA Windows Vista STIG v6r41
AOSX-13-000240 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
BIND-9X-000001 - A BIND 9.x server implementation must be running in a chroot(ed) directory structure.
Unix
DISA BIND 9.x STIG v2r2
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
Unix
NIST macOS Catalina v1.5.0 - 800-171
DB2X-00-005600 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
IBM_DB2DB
DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users
IBM_DB2DB
DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users
Windows
DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users
Unix
DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
EP11-00-005900 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
PostgreSQLDB
EDB PostgreSQL Advanced Server v11 DB Audit v2r2
EP11-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users.
Windows
EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
GEN002280 - Device files and directories must only be writable by users with a system account or as configured by the vendor.
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user.
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/audio*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/snd/*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002330 - Audio devices must not have extended ACLs - '/dev/audio*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002330 - Audio devices must not have extended ACLs - '/dev/snd/*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002340 - Audio devices must be owned by root - '/dev/audio*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002340 - Audio devices must be owned by root - '/dev/snd/*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002360 - Audio devices must be group-owned by root, sys, bin, or system - '/dev/audio*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002360 - Audio devices must be group-owned by root, sys, bin, or system - '/dev/snd/*'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002420 - Removable media, remote file systems, and any file system not containing approved setuid files must be mounted with the nosuid option - nosuid option.
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002520 - All public directories must be owned by root or an application account.
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002540 - All public directories must be group-owned by root, sys, bin, or an application group.
Unix
DISA STIG for Oracle Linux 5 v2r1