Theme

CCI|CCI-001233

Title

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AOSX-14-000015 - The macOS system must utilize an HBSS solution and implement all DoD required modules.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.	Unix	DISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.	Unix	DISA STIG Apple macOS 11 v1r6
APPL-12-000015 - The macOS system must utilize an ESS solution and implement all DoD required modules - ESS and implement all DoD required modules.	Unix	DISA STIG Apple macOS 12 v1r4
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Automated Flaw Remediation	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Must Use Host Based Security Solution	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Must Use HBSS	Unix	NIST macOS Catalina v1.5.0 - All Profiles
GEN006480 - The system must have a host-based intrusion detection tool installed.	Unix	DISA STIG Solaris 10 SPARC v2r2
GEN006480 - The system must have a host-based intrusion detection tool installed.	Unix	DISA STIG Solaris 10 X86 v2r2
GEN006480 - The system must have a host-based intrusion detection tool installed.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*	Unix	DISA STIG Solaris 10 SPARC v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*	Unix	DISA STIG Solaris 10 X86 v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*	Unix	DISA STIG Solaris 10 X86 v2r2
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*	Unix	DISA STIG Solaris 10 SPARC v2r2
GEN008820 - The system package management tool must not automatically obtain updates.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN008820 - The system package management tool must not automatically obtain updates.	Unix	DISA STIG for Oracle Linux 5 v2r1
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Automated Flaw Remediation	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Must Use HBSS	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000011 - System security patches and updates must be installed and up-to-date.	Unix	DISA STIG Oracle Linux 6 v2r6
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp package	Unix	DISA STIG Oracle Linux 6 v2r6
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp process	Unix	DISA STIG Oracle Linux 6 v2r6
OL07-00-020019 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp package	Unix	DISA Oracle Linux 7 STIG v2r9
OL07-00-020019 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mfetpd process	Unix	DISA Oracle Linux 7 STIG v2r9
OL08-00-010001 - The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.	Unix	DISA Oracle Linux 8 STIG v1r4
OL08-00-010001 - The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.	Unix	DISA Oracle Linux 8 STIG v1r2
RHEL-06-000011 - System security patches and updates must be installed and up-to-date.	Unix	DISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-010001 - The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.	Unix	DISA Red Hat Enterprise Linux 8 STIG v1r8
SLES-12-010599 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp package	Unix	DISA SLES 12 STIG v2r7
SLES-12-010599 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - mfetpd process	Unix	DISA SLES 12 STIG v2r7
SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - installed	Unix	DISA SLES 15 STIG v1r6
SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - running	Unix	DISA SLES 15 STIG v1r6
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - package	Unix	DISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - service	Unix	DISA STIG Ubuntu 18.04 LTS v2r8
UBTU-20-010415 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - installed	Unix	DISA STIG Ubuntu 20.04 LTS v1r5
UBTU-20-010415 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP) - running	Unix	DISA STIG Ubuntu 20.04 LTS v1r5
WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).	Windows	DISA Windows 11 STIG v1r2
WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.	Windows	DISA Windows Server 2012 and 2012 R2 MS STIG v3r5
WN19-00-000290 - Windows Server 2019 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.	Windows	DISA Windows Server 2019 STIG v2r5
WN22-00-000290 - Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).	Windows	DISA Windows Server 2022 STIG v1r1