CSCv6|2.2

Title

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist.

Description

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality), the whitelist may be quite narrow.

Reference Item Details

Category: Inventory of Authorized and Unauthorized Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.1.6 Set 'Turn off Search Companion content file updates' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.13 Configure 'Allow all trusted apps to install'WindowsCIS Windows 8 L1 v1.0.0
1.3.1 Ensure AIDE is installedUnixCIS Aliyun Linux 2 L1 v1.0.0
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux v2.1.0 L1
1.3.1 Install AIDEUnixCIS Red Hat Enterprise Linux 5 L2 v2.2.1
1.3.2 Ensure filesystem integrity is regularly checked - aideUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.4 Ensure AIDE is configured to verify XATTRS - installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.1 Ensure SELinux is installedUnixCIS CentOS 6 Server L1 v3.0.0
1.6.1.1 Ensure SELinux is installedUnixCIS Red Hat 6 Server L1 v3.0.0
1.6.1.1 Ensure SELinux is installedUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.6.1.1 Ensure SELinux is installedUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.6.1.1 Ensure SELinux is installedUnixCIS CentOS 6 Workstation L1 v3.0.0
1.6.1.1 Ensure SELinux is installedUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.6.2 Ensure SELinux is installedUnixCIS Aliyun Linux 2 L2 v1.0.0
1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAEUnixCIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.2 Ensure X11 Server components are not installed - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.2 Ensure X11 Server components are not installed - systemctlUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.3.1 Ensure TCP Wrappers is installedUnixCIS Aliyun Linux 2 L1 v1.0.0
3.3.5 Secure the JDK runtime library - 'jdk_path value'UnixCIS IBM DB2 OS L2 v1.2.0
3.3.6 Secure the JDK 64-bit runtime library - 'jdk_64_path value'UnixCIS IBM DB2 OS L2 v1.2.0
3.4.1 Ensure TCP Wrappers is installedUnixCIS Amazon Linux v2.1.0 L1
3.5.1.4 Ensure firewalld service enabled and running - installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.5.3 Ensure iptables is installedUnixCIS Aliyun Linux 2 L1 v1.0.0
3.6.1 Ensure iptables is installedUnixCIS Amazon Linux v2.1.0 L1
3.6.1.1 Ensure iptables is installedUnixCIS Red Hat 6 Workstation L1 v3.0.0
3.6.1.1 Ensure iptables is installedUnixCIS Oracle Linux 6 Server L1 v2.0.0
3.6.1.1 Ensure iptables is installedUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
3.6.1.1 Ensure iptables is installedUnixCIS Red Hat 6 Server L1 v3.0.0
3.6.1.1 Ensure iptables is installedUnixCIS CentOS 6 Server L1 v3.0.0
3.6.1.1 Ensure iptables is installedUnixCIS CentOS 6 Workstation L1 v3.0.0
4.1.1.1 Ensure auditd is installedUnixCIS Debian Family Server L2 v1.0.0
4.1.1.1 Ensure auditd is installedUnixCIS Debian Family Workstation L2 v1.0.0
4.1.1.1 Ensure auditd is installed - auditUnixCIS CentOS 6 Server L2 v3.0.0
4.1.1.1 Ensure auditd is installed - auditUnixCIS Oracle Linux 6 Server L2 v2.0.0
4.1.1.1 Ensure auditd is installed - auditUnixCIS Oracle Linux 6 Workstation L2 v2.0.0
4.1.1.1 Ensure auditd is installed - auditUnixCIS CentOS 6 Workstation L2 v3.0.0
4.1.1.1 Ensure auditd is installed - audit-libsUnixCIS CentOS 6 Workstation L2 v3.0.0
4.1.1.1 Ensure auditd is installed - audit-libsUnixCIS Oracle Linux 6 Workstation L2 v2.0.0
4.1.1.1 Ensure auditd is installed - audit-libsUnixCIS Oracle Linux 6 Server L2 v2.0.0
4.1.1.1 Ensure auditd is installed - audit-libsUnixCIS CentOS 6 Server L2 v3.0.0
4.2.1.1 Ensure rsyslog is installedUnixCIS Oracle Linux 6 Server L1 v2.0.0
4.2.1.1 Ensure rsyslog is installedUnixCIS CentOS 6 Server L1 v3.0.0
4.2.1.1 Ensure rsyslog is installedUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
4.2.1.1 Ensure rsyslog is installedUnixCIS CentOS 6 Workstation L1 v3.0.0
4.2.2 Ensure rsyslog is installedUnixCIS Aliyun Linux 2 L1 v1.0.0
4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11'UnixCIS v1.1.0 Oracle 11g OS L2
4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 2