CCI|CCI-002233

Title

Prevent the organization-defined software from executing at higher privilege levels than users executing the software.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The SoftwareUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The SoftwareUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
GEN000920 - The root account's home directory (other than /) must have mode 0700.UnixDISA STIG Solaris 10 X86 v2r4
GEN000920 - The root account's home directory (other than /) must have mode 0700.UnixDISA STIG Solaris 10 SPARC v2r4
Monterey - Prevent Software From Executing at Higher Privilege Levels than Users Executing The SoftwareUnixNIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only.MS_SQLDBDISA STIG SQL Server 2016 Database Audit v3r2
SQL6-D0-010500 - Use of credentials and proxies must be restricted to necessary cases only.MS_SQLDBDISA STIG SQL Server 2016 Instance DB Audit v3r2
SQL6-D0-016400 - Execution of startup stored procedures must be restricted to necessary cases only.MS_SQLDBDISA STIG SQL Server 2016 Instance DB Audit v3r2