Detections
Analytics

CCI|CCI-003992

Title

Prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3 OL08-00-010019UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.8 UBTU-22-214010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.23 RHEL-09-213020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.43 RHEL-09-214010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.44 RHEL-09-214015UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.45 RHEL-09-214020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.46 RHEL-09-214025UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.49 RHEL-09-215010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.52 UBTU-24-300001UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.58 OL08-00-010370UnixCIS Oracle Linux 8 STIG v1.0.0 CAT I
1.59 OL08-00-010371UnixCIS Oracle Linux 8 STIG v1.0.0 CAT I
1.60 OL08-00-010372UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.89 APPL-14-002060UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.92 APPL-14-002064UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-009700 - AlmaLinux OS 9 must ensure cryptographic verification of vendor software packages.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-009810 - AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-009920 - AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-010030 - AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-010140 - AlmaLinux OS 9 must prevent the loading of a new kernel for later execution.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
APPL-14-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-002064 - The macOS system must enable Gatekeeper.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-002064 - The macOS system must enable gatekeeper.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-26-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-002064 - The macOS system must enable gatekeeper.UnixDISA Apple macOS 26 Tahoe STIG v1r1
AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server.UnixDISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server.UnixDISA STIG Apache Server 2.4 Unix Server v3r2
AZLX-23-000110 - Amazon Linux 2023 must ensure cryptographic verification of vendor software packages.UnixDISA Amazon Linux 2023 STIG v1r1
AZLX-23-000115 - Amazon Linux 2023 must check the GPG signature of locally installed software packages before installation.UnixDISA Amazon Linux 2023 STIG v1r1
AZLX-23-000120 - Amazon Linux 2023 must check the GPG signature of software packages originating from external software repositories before installation.UnixDISA Amazon Linux 2023 STIG v1r1
AZLX-23-000125 - Amazon Linux 2023 must have GPG signature verification enabled for all software repositories.UnixDISA Amazon Linux 2023 STIG v1r1
AZLX-23-002575 - Amazon Linux 2023 must prevent the loading of a new kernel for later execution.UnixDISA Amazon Linux 2023 STIG v1r1
ESXI-80-000133 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.UnixDISA VMware vSphere 8.0 ESXi STIG v2r3 Unix
ESXi: esxi-8.vib-acceptance-level-supportedUnixVMware vSphere Security Configuration and Hardening Guide 8.0 - Bare Metal Host
EX19-ED-000053 - Exchange local machine policy must require signed scripts.WindowsDISA Microsoft Exchange 2019 Edge Server STIG v2r2
EX19-MB-000061 - Exchange local machine policy must require signed scripts.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r3
O365-AC-000002 - Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-CO-000007 - Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-EX-000028 - Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-PR-000002 - Project must automatically disable unsigned add-ins without informing users.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-PT-000008 - Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-PU-000002 - Publisher must automatically disable unsigned add-ins without informing users.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-PU-000003 - Publisher must disable all unsigned VBA macros.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-VI-000003 - Visio must automatically disable unsigned add-ins without informing users.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
O365-WD-000001 - Word must automatically disable unsigned add-ins without informing users.WindowsDISA STIG Microsoft Office 365 ProPlus v3r4
OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages.UnixDISA Oracle Linux 7 STIG v3r5
OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages.UnixDISA Oracle Linux 7 STIG v3r3
OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values.UnixDISA Oracle Linux 7 STIG v3r5
OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values.UnixDISA Oracle Linux 7 STIG v3r3