CSCv6|8.4

Title

Enable anti-exploitation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), virtualization/containerization, etc.

Description

Enable anti-exploitation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), virtualization/containerization, etc. For increased protection, deploy capabilities such as Enhanced Mitigation Experience Toolkit (EMET) that can be configured to apply these protections to a broader set of applications and executables.

Reference Item Details

Category: Malware Defenses

Family: System

Audit Items

Name | Plugin | Audit Name
1.1.35 Ensure that the admission control policy is set to EventRateLimit | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.36 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.36 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.3.1.7 Configure 'Turn off Event Viewer 'Events.asp' links' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.2.2 Configure 'Do not process the run once list' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.2.3 Configure 'Do not process the legacy run list' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.9 Set 'Turn off Data Execution Prevention for Explorer' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.5.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Amazon Linux v2.1.0 L1
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled | Unix | CIS Debian 8 Server L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Red Hat 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Red Hat 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Oracle Linux 6 Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS CentOS 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | Unix | CIS Amazon Linux v2.1.0 L1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 8 Server L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Debian 8 Workstation L1 v2.0.2
1.5.3 Ensure address space layout randomization (ASLR) is enabled (sysctl.conf/sysctl.d) | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled (sysctl.conf/sysctl.d) | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.6.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.1 Ensure XD/NX support is enabled | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Configure ExecShield - kernel.exec-shield = 1 | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
13.6 Ensure root PATH Integrity - dot or empty in path | Unix | CIS Debian Linux 7 L1 v1.0.0
13.6 Ensure root PATH Integrity - other writable directories in pat | Unix | CIS Debian Linux 7 L1 v1.0.0
18.3.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker