CCI|CCI-002235

Title

The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.6.1.9 Ensure non-privileged users are prevented from executing privileged functionsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.023 - Standard user accounts must only have Read permissions to the Winlogon registry key.WindowsDISA Windows Vista STIG v6r41
3.030 - Anonymous access to the registry must be restricted.WindowsDISA Windows Vista STIG v6r41
4.005 - Unapproved Users have access to Debug programs.WindowsDISA Windows Vista STIG v6r41
4.009 - Unauthorized users are granted right to Act as part of the operating system.WindowsDISA Windows Vista STIG v6r41
4.027 - Only administrators responsible for the system must have Administrator rights on the system.WindowsDISA Windows Vista STIG v6r41
6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor valuesUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.UnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.UnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Catalina v1.5.0 - All Profiles
CNTR-K8-001990 - Kubernetes must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures or the installation of patches and updates.UnixDISA STIG Kubernetes v1r6
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccessUnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member accessUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - groupUnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6
DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - groupUnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5
DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - userUnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5
DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - userUnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6
DTOO201 - Connection verification of permissions must be enforced.WindowsDISA STIG Microsoft Office System 2013 v2r1
DTOO201 - Connection verification of permissions must be enforced.WindowsDISA STIG Microsoft Office System 2016 v2r2
DTOO201 - Office System - Connection verification of permissions must be enforced.WindowsDISA STIG Office System 2010 v1r12
GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].MDMMobileIron - DISA Google Android 12 COBO v1r1
GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].MDMAirWatch - DISA Google Android 12 COBO v1r1
GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].MDMAirWatch - DISA Google Android 12 COPE v1r1
GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].MDMMobileIron - DISA Google Android 12 COPE v1r1
IIST-SV-000144 - IIS 10.0 web server system files must conform to minimum file permission requirements.WindowsDISA IIS 10.0 Server v2r5
IISW-SV-000144 - IIS 8.5 web server system files must conform to minimum file permission requirements.WindowsDISA IIS 8.5 Server v2r3
JBOS-AS-000475 - The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.UnixDISA RedHat JBoss EAP 6.3 STIG v2r3
MD3X-00-000570 - MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.MongoDBDISA STIG MongoDB Enterprise Advanced 3.x v2r1 DB
MD4X-00-001200 - MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.MongoDBDISA STIG MongoDB Enterprise Advanced 4.x v1r1 DB
Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged FunctionsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High