CCI|CCI-002165

Title

The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Reference Item Details

Category: 2013

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.6.1.3 Ensure SELinux policy is configured | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.6.1.5 Ensure the SELinux mode is enforcing | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.006 - ACLs for system files and directories do not conform to minimum requirements. - 'C:' | Windows | DISA Windows Vista STIG v6r41 |
| 2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Program Files' | Windows | DISA Windows Vista STIG v6r41 |
| 2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Windows' | Windows | DISA Windows Vista STIG v6r41 |
| 6.1.11 Ensure no unowned files or directories exist | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 6.1.12 Ensure no ungrouped files or directories exist | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor values | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| AIX7-00-003020 - AIX must use Trusted Execution (TE) Check policy - CHKEXEC | Unix | DISA STIG AIX 7.x v2r5 |
| AIX7-00-003020 - AIX must use Trusted Execution (TE) Check policy - CHKKERNEXT | Unix | DISA STIG AIX 7.x v2r5 |
| AIX7-00-003020 - AIX must use Trusted Execution (TE) Check policy - Trusted Execution | Unix | DISA STIG AIX 7.x v2r5 |
| AIX7-00-003098 - AIX must allow admins to send a message to all the users who logged in currently. | Unix | DISA STIG AIX 7.x v2r5 |
| AIX7-00-003099 - AIX must allow admins to send a message to a user who logged in currently. | Unix | DISA STIG AIX 7.x v2r5 |
| Big Sur - Allow Administrators to Modify Security Settings and System Attributes | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Allow Administrators to Promote Other Users to Administrator Status | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Allow Information Transfer with Other Operating Systems | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Catalina - Allow Administrators to Modify Security Settings and System Attributes | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Allow Administrators to Promote Other Users to Administrator Status | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Allow Information Transfer with Other Operating Systems | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1 |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| DTOO199 - Changing permissions on rights managed content for users must be enforced. | Windows | DISA STIG Microsoft Office System 2013 v2r1 |
| DTOO199 - Office System - Changing permissions on rights managed content for users must be enforced. | Windows | DISA STIG Office System 2010 v1r12 |
| DTOO200 - Office must be configured to not allow read with browsers. | Windows | DISA STIG Microsoft Office System 2013 v2r1 |
| DTOO200 - Office System - Office must be configured to not allow read with browsers. | Windows | DISA STIG Office System 2010 v1r12 |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /bin/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /bin/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /etc/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /etc/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /sbin/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /sbin/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |
| GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/* | Unix | DISA STIG Solaris 10 X86 v2r2 |
| GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/share/man/* | Unix | DISA STIG Solaris 10 SPARC v2r2 |