CSCv6|3.1

Title

Establish standard secure configurations of operating systems and software applications.

Description

Establish standard secure configurations of operating systems and software applications. Standardized images should represent hardened versions of the underlying operating system and the applications installed on the system. These images should be validated and refreshed on a regular basis to update their security configuration in light of recent vulnerabilities and attack vectors.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.0.2 Use IP address rather than hostname - 'db2system = IP'UnixCIS IBM DB2 OS L1 v1.2.0
1.1 Create a separate partition for containersUnixCIS Docker 1.6 v1.0.0 L1 Linux
1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 7 L1 v1.8.0
1.1.1 Create Separate Partition for /tmpUnixCIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobeUnixCIS Aliyun Linux 2 L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Amazon Linux v2.1.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Debian Family Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Debian Family Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian 9 Server L1 v1.0.1
1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian 9 Workstation L1 v1.0.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.2 Ensure mounting of freevxfs filesystems is disabledUnixCIS Amazon Linux v2.1.0 L2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Amazon Linux v2.1.0 L1
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian Family Server L1 v1.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian Family Workstation L1 v1.0.0
1.1.1.2 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Debian 9 Workstation L1 v1.0.1
1.1.1.2 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Debian 9 Server L1 v1.0.1
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.1.1.3 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS Debian 9 Workstation L1 v1.0.1
1.1.1.3 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS Debian 9 Server L1 v1.0.1
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Amazon Linux v2.1.0 L1
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Debian Family Server L1 v1.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Debian Family Workstation L1 v1.0.0
1.09 Windows Program Folder Permissions - 'Verify and set permissions'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1