Detections
Analytics

CCI|CCI-001812

Title

The information system prohibits user installation of software without explicit privileged status.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.4 Ensure boot loader does not allow removable mediaUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
1.4.4 Ensure boot loader does not allow removable mediaUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - device_tUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - unlabeled_tUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled.UnixCIS Amazon Linux 2 STIG v2.0.0 STIG
1.150 APPL-14-005080UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
2.2.21 Ensure the TFTP server has not been installedUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.029 - Print driver installation privilege is not restricted to administrators.WindowsDISA Windows Vista STIG v6r41
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.UnixCIS Amazon Linux 2 STIG v2.0.0 L1 Server
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.UnixCIS Amazon Linux 2 STIG v2.0.0 STIG
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.UnixCIS Amazon Linux 2 STIG v2.0.0 L1 Workstation
5.3.30 Ensure SSH does not permit GSSAPIUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.31 Ensure SSH does not permit Kerberos authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.31 Ensure SSH does not permit Kerberos authenticationUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
5.5.9 Ensure local interactive user accounts umask is 077UnixCIS Amazon Linux 2 STIG v2.0.0 STIG
5.5.9 Ensure local interactive user accounts umask is 077UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.060 - Media Player must be configured to prevent automatic checking for updates.WindowsDISA Windows Vista STIG v6r41
5.128 - Search Companion prevented from automatically downloading content updates.WindowsDISA Windows Vista STIG v6r41
5.131 - Windows is prevented from using Windows Update to search for drivers.WindowsDISA Windows Vista STIG v6r41
5.211 - Driver Install - Device Driver Search PromptWindowsDISA Windows Vista STIG v6r41
5.242 - Windows Installer - User ControlWindowsDISA Windows Vista STIG v6r41
5.243 - Windows Installer - Vendor Signed UpdatesWindowsDISA Windows Vista STIG v6r41
5.250 - Unsigned gadgets must not be installed. - TurnOffUnsignedGadgetsWindowsDISA Windows Vista STIG v6r41
5.251 - The More Gadgets link must be disabled.WindowsDISA Windows Vista STIG v6r41
5.252 - User-installed gadgets must be turned off.WindowsDISA Windows Vista STIG v6r41
AOSX-13-362149 - The macOS system must prohibit user installation of software without explicit privileged status.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-002067 - The macOS system must prohibit user installation of software without explicit privileged status.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-002067 - The macOS system must prohibit user installation of software without explicit privileged status.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status.UnixDISA STIG Apple macOS 11 v1r8
APPL-14-005080 - The macOS system must prohibit user installation of software into /users/.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Prohibit User Installation of Software into /Users/UnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - All Profiles
CNTR-R2-001270 - Rancher RKE2 must prohibit the installation of patches, updates, and instantiation of container images without explicit privileged status.UnixDISA Rancher Government Solutions RKE2 STIG v2r3