CCI|CCI-001762

Title

The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
APPNET0075 - Disable TLS RC4 cipher in .NetWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r2
APPNET0075 - Disable TLS RC4 cipher in .Net - Wow6432NodeWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r2
AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-W2-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidanceWindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidanceUnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-003560 - Docker Enterprise network ports on all running containers must be limited to what is needed.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DTBC-0074 - Use of the QUIC protocol must be disabled.WindowsDISA STIG Google Chrome v2r9
EP11-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled.WindowsDISA Microsoft Exchange 2013 Client Access Server STIG v2r1
EX13-EG-000305 - Exchange services must be documented and unnecessary services must be removed or disabled.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000300 - Exchange services must be documented and unnecessary services must be removed or disabled.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled.WindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000600 - Exchange services must be documented and unnecessary services must be removed or disabled.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines.WindowsDISA IIS 10.0 Site v2r9
IIST-SV-000148 - The IIS 10.0 web server must not be running on a system providing any other role.WindowsDISA IIS 10.0 Server v2r10
IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web serverWindowsDISA IIS 10.0 Server v2r10
IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines.WindowsDISA IIS 8.5 Site v2r9
IISW-SV-000148 - The IIS 8.5 web server must not be running on a system providing any other role.WindowsDISA IIS 8.5 Server v2r7
IISW-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 8.5 web server - IPP must be disabled on the IIS 8.5 web serverWindowsDISA IIS 8.5 Server v2r7
MADB-10-008100 - MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.MySQLDBDISA MariaDB Enterprise 10.x v1r2 DB
MYS8-00-009000 - The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidanceMySQLDBDISA Oracle MySQL 8.0 v1r4 DB
PGS9-00-000100 - PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r3
PPS9-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance - PortUnixEDB PostgreSQL Advanced Server OS Linux Audit v2r2
PPS9-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance - SSLUnixEDB PostgreSQL Advanced Server OS Linux Audit v2r2
SQL4-00-034200 - SQL Server must disable communication protocols not required for operation.WindowsDISA STIG SQL Server 2014 Instance OS Audit v2r3
SQL6-D0-011900 - SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.MS_SQLDBDISA STIG SQL Server 2016 Instance DB Audit v2r11
VCEM-67-000029 - ESX Agent Manager must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-70-000031 - ESX Agent Manager must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 7.0 EAM Tomcat v1r2
VCFL-67-000028 - vSphere Client must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 6.7 Virgo Client v1r2
VCLU-70-000029 - Lookup Service must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 7.0 Lookup Service v1r2
VCPF-67-000028 - Performance Charts must be configured with the appropriate ports - httpUnixDISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-67-000028 - Performance Charts must be configured with the appropriate ports - httpsUnixDISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3
VCPF-70-000031 - Performance Charts must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1
VCPG-70-000008 - VMware Postgres must be configured to use the correct port.UnixDISA STIG VMware vSphere 7.0 PostgreSQL v1r2
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - httpUnixDISA STIG VMware vSphere 6.7 STS Tomcat v1r3
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - httpsUnixDISA STIG VMware vSphere 6.7 STS Tomcat v1r3
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - localhost.httpsUnixDISA STIG VMware vSphere 6.7 STS Tomcat v1r3
VCST-70-000028 - The Security Token Service must be configured with the appropriate ports. - ssl-clientauth.httpsUnixDISA STIG VMware vSphere 7.0 STS Tomcat v1r2
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - httpUnixDISA STIG VMware vSphere 6.7 UI Tomcat v1r3
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - httpsUnixDISA STIG VMware vSphere 6.7 UI Tomcat v1r3
VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - proxyUnixDISA STIG VMware vSphere 6.7 UI Tomcat v1r3
VCUI-70-000030 - vSphere UI must be configured with the appropriate ports.UnixDISA STIG VMware vSphere 7.0 vCA UI v1r2