Detections
Analytics

CSCv7|2.7

Title

Utilize Application Whitelisting

Description

Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.

Reference Item Details

Category: Inventory and Control of Software Assets

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.29 (L2) Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L2
1.30 (L2) Ensure 'Allow file selection dialogs' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L2
1.73 (L1) Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'WindowsCIS Microsoft Edge v3.0.0 L1
11.3 Ensure the httpd_t Type is Not in Permissive ModeUnixCIS Apache HTTP Server 2.4 v2.2.0 L2
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.4 v2.2.0 L2
12.2 Ensure the Apache AppArmor Profile Is Configured ProperlyUnixCIS Apache HTTP Server 2.4 v2.2.0 L2
12.3 Ensure Apache AppArmor Profile is in Enforce ModeUnixCIS Apache HTTP Server 2.4 v2.2.0 L2
12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.22.1.2 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 DC