CSCv6|2.2

Title

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist.

Description

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality), the whitelist may be quite narrow.

Reference Item Details

Category: Inventory of Authorized and Unauthorized Software

Family: System

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.1.6 Set 'Turn off Search Companion content file updates' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.13 Configure 'Allow all trusted apps to install' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Aliyun Linux 2 L1 v1.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Red Hat 6 Workstation L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 6 Server L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS CentOS 6 Workstation L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS CentOS 6 Server L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Red Hat 6 Server L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Amazon Linux v2.1.0 L1 |
| 1.3.1 Install AIDE | Unix | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 |
| 1.3.2 Ensure filesystem integrity is regularly checked - aide | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.3 Ensure AIDE is configured to verify ACLs - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.4 Ensure AIDE is configured to verify XATTRS - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.4.1 Ensure AIDE is installed - aide | Unix | CIS Debian Family Workstation L1 v1.0.0 |
| 1.4.1 Ensure AIDE is installed - aide | Unix | CIS Debian Family Server L1 v1.0.0 |
| 1.4.1 Ensure AIDE is installed - aide-common | Unix | CIS Debian Family Server L1 v1.0.0 |
| 1.4.1 Ensure AIDE is installed - aide-common | Unix | CIS Debian Family Workstation L1 v1.0.0 |
| 1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS CentOS 6 Server L1 v3.0.0 |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS Red Hat 6 Server L1 v3.0.0 |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS Oracle Linux 6 Server L1 v2.0.0 |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0 |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS CentOS 6 Workstation L1 v3.0.0 |
| 1.6.1.1 Ensure SELinux is installed | Unix | CIS Red Hat 6 Workstation L1 v3.0.0 |
| 1.6.2 Ensure SELinux is installed | Unix | CIS Aliyun Linux 2 L2 v1.0.0 |
| 1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAE | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 |
| 1.10 Ensure required packages for multifactor authentication are installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.12 Ensure host-based intrusion detection tool is used - mcafeetp package | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.2.2 Ensure X11 Server components are not installed - rpm | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.2.2 Ensure X11 Server components are not installed - systemctl | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 3.3.1 Ensure TCP Wrappers is installed | Unix | CIS Aliyun Linux 2 L1 v1.0.0 |
| 3.3.5 Secure the JDK 32-bit runtime library | Unix | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux |
| 3.3.5 Secure the JDK 32-bit runtime library | Windows | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows |
| 12.1 Ensure the AppArmor Framework Is Enabled | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware |
| 12.1 Ensure the AppArmor Framework Is Enabled | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware |
| 18.8.22.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 |
| 18.8.22.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 v3.2.0 |
| 18.8.22.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 v3.2.0 |
| 18.8.22.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 |
| 19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0 |
| 19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 |