CCI|CCI-001764

Title

The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.7 Ensure noexec option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.7 Ensure noexec option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure nosuid option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure nosuid option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.022 - Disallow AutoPlay/Autorun from Autorun.infWindowsDISA Windows Vista STIG v6r41
3.059 - The system is configured to autoplay removable media.WindowsDISA Windows Vista STIG v6r41
AIOS-12-003600 - Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-003600 - Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-003600 - Apple iOS/iPadOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-003600 - Apple iOS/iPadOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIX7-00-003025 - AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.UnixDISA STIG AIX 7.x v2r9
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-171
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccessUnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member accessUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DTOO210 - Excel - Pre-release versions of file formats new to Office Products must be blocked.WindowsDISA STIG Office 2010 Excel v1r11
DTOO210 - PowerPoint - Pre-release versions of file formats new to Office Products must be blocked.WindowsDISA STIG Office 2010 PowerPoint v1r10
DTOO210 - The opening of pre-release versions of file formats new to Excel 2013 must be blocked.WindowsDISA STIG Microsoft Excel 2013 v1r7
DTOO210 - The opening of pre-release versions of file formats new to PowerPoint 2013 through the Compatibility Pack must be blocked.WindowsDISA STIG Microsoft PowerPoint 2013 v1r6
DTOO210 - Word - Pre-release versions of file formats new to Office Products must be blocked.WindowsDISA STIG Office 2010 Word v1r11
GEN002420 - Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the 'nosuid' option - /etc/vfstabUnixDISA STIG Solaris 10 SPARC v2r4
GEN002420 - Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the 'nosuid' option - /etc/vfstabUnixDISA STIG Solaris 10 X86 v2r4
GEN002420 - Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the 'nosuid' option - zfs getUnixDISA STIG Solaris 10 SPARC v2r4
GEN002420 - Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the 'nosuid' option - zfs getUnixDISA STIG Solaris 10 X86 v2r4
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Parental ControlsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
OL07-00-021024 - The Oracle Linux operating system must mount /dev/shm with secure options.UnixDISA Oracle Linux 7 STIG v2r13
OL08-00-040120 - OL 8 must mount '/dev/shm' with the 'nodev' optionUnixDISA Oracle Linux 8 STIG v1r8
OL08-00-040121 - OL 8 must mount '/dev/shm' with the 'nosuid' optionUnixDISA Oracle Linux 8 STIG v1r8
OL08-00-040122 - OL 8 must mount '/dev/shm' with the 'noexec' optionUnixDISA Oracle Linux 8 STIG v1r8