CCI|CCI-001233

Title

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AOSX-14-000015 - The macOS system must utilize an HBSS solution and implement all DoD required modules.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple macOS 11 v1r6
APPL-12-000015 - The macOS system must utilize an ESS solution and implement all DoD required modules - ESS and implement all DoD required modules.UnixDISA STIG Apple macOS 12 v1r4
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Must Use Host Based Security SolutionUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Must Use HBSSUnixNIST macOS Catalina v1.5.0 - All Profiles
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG Solaris 10 SPARC v2r2
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG Solaris 10 X86 v2r2
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG for Oracle Linux 5 v2r1
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*UnixDISA STIG Solaris 10 SPARC v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*UnixDISA STIG Solaris 10 X86 v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*UnixDISA STIG Solaris 10 X86 v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*UnixDISA STIG Solaris 10 SPARC v2r2
GEN008820 - The system package management tool must not automatically obtain updates.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN008820 - The system package management tool must not automatically obtain updates.UnixDISA STIG for Oracle Linux 5 v2r1
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Must Use HBSSUnixNIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000011 - System security patches and updates must be installed and up-to-date.UnixDISA STIG Oracle Linux 6 v2r6
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp packageUnixDISA STIG Oracle Linux 6 v2r6
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp processUnixDISA STIG Oracle Linux 6 v2r6
OL07-00-020019 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp packageUnixDISA Oracle Linux 7 STIG v2r9
OL07-00-020019 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mfetpd processUnixDISA Oracle Linux 7 STIG v2r9
OL08-00-010001 - The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.UnixDISA Oracle Linux 8 STIG v1r4
OL08-00-010001 - The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.UnixDISA Oracle Linux 8 STIG v1r2
RHEL-06-000011 - System security patches and updates must be installed and up-to-date.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-010001 - The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.UnixDISA Red Hat Enterprise Linux 8 STIG v1r8
SLES-12-010599 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp packageUnixDISA SLES 12 STIG v2r7
SLES-12-010599 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - mfetpd processUnixDISA SLES 12 STIG v2r7
SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - installedUnixDISA SLES 15 STIG v1r6
SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - runningUnixDISA SLES 15 STIG v1r6
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - packageUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - serviceUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-20-010415 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - installedUnixDISA STIG Ubuntu 20.04 LTS v1r5
UBTU-20-010415 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - runningUnixDISA STIG Ubuntu 20.04 LTS v1r5
WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).WindowsDISA Windows 11 STIG v1r2
WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r5
WN19-00-000290 - Windows Server 2019 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.WindowsDISA Windows Server 2019 STIG v2r5
WN22-00-000290 - Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).WindowsDISA Windows Server 2022 STIG v1r1