CCI|CCI-003992

Title

Prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

Reference Item Details

Category: 2024

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.3 OL08-00-010019 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.8 UBTU-22-214010 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III |
| 1.23 RHEL-09-213020 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.43 RHEL-09-214010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.44 RHEL-09-214015 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I |
| 1.45 RHEL-09-214020 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I |
| 1.46 RHEL-09-214025 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I |
| 1.49 RHEL-09-215010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.52 UBTU-24-300001 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III |
| 1.58 OL08-00-010370 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT I |
| 1.59 OL08-00-010371 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT I |
| 1.60 OL08-00-010372 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.89 APPL-14-002060 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I |
| 1.92 APPL-14-002064 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I |
| ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| ALMA-09-009700 - AlmaLinux OS 9 must ensure cryptographic verification of vendor software packages. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| ALMA-09-009810 - AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| ALMA-09-009920 - AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| ALMA-09-010030 - AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| ALMA-09-010140 - AlmaLinux OS 9 must prevent the loading of a new kernel for later execution. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 |
| APPL-14-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r3 |
| APPL-14-002064 - The macOS system must enable Gatekeeper. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r3 |
| APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r4 |
| APPL-15-002064 - The macOS system must enable gatekeeper. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r4 |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r2 |
| ESXI-80-000133 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified. | Unix | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix |
| ESXi: esxi-8.vib-acceptance-level-supported | Unix | VMware vSphere Security Configuration and Hardening Guide 8.0 - Bare Metal Host |
| EX19-ED-000053 - Exchange local machine policy must require signed scripts. | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 |
| EX19-MB-000061 - Exchange local machine policy must require signed scripts. | Windows | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 |
| O365-AC-000002 - Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-CO-000007 - Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-EX-000028 - Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-PR-000002 - Project must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-PT-000008 - Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-PU-000002 - Publisher must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-PU-000003 - Publisher must disable all unsigned VBA macros. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-VI-000003 - Visio must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| O365-WD-000001 - Word must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r3 |
| OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | Unix | DISA Oracle Linux 7 STIG v3r3 |
| OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | Unix | DISA Oracle Linux 7 STIG v3r3 |
| OL08-00-010019 - OL 8 must ensure cryptographic verification of vendor software packages. | Unix | DISA Oracle Linux 8 STIG v2r5 |
| OL08-00-010370 - YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. | Unix | DISA Oracle Linux 8 STIG v2r5 |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution. | Unix | DISA Oracle Linux 8 STIG v2r5 |
| OL09-00-000330 - OL 9 must have the subscription-manager package installed. | Unix | DISA Oracle Linux 9 STIG v1r2 |
| OL09-00-000496 - OL 9 must check the GPG signature of locally installed software packages before installation. | Unix | DISA Oracle Linux 9 STIG v1r2 |
| OL09-00-000497 - OL 9 must check the GPG signature of software packages originating from external software repositories before installation. | Unix | DISA Oracle Linux 9 STIG v1r2 |
| OL09-00-000498 - OL 9 must have GPG signature verification enabled for all software repositories. | Unix | DISA Oracle Linux 9 STIG v1r2 |
| OL09-00-000499 - OL 9 must ensure cryptographic verification of vendor software packages. | Unix | DISA Oracle Linux 9 STIG v1r2 |
| OL09-00-002428 - OL 9 must prevent the loading of a new kernel for later execution. | Unix | DISA Oracle Linux 9 STIG v1r2 |