Theme

CSCv7|2.7

Title

Utilize Application Whitelisting

Description

Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Inventory and Control of Software Assets

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.11 Ensure That 'Users Can Consent to Apps Accessing Company Data on Their Behalf' Is Set To 'Allow for Verified Publishers'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.25 Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.26 Ensure 'Allow file selection dialog' is set to 'Disabled'	Windows	CIS Microsoft Edge L2 v1.1.0
1.65 Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'	Windows	CIS Microsoft Edge L1 v1.1.0
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.0.0
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
12.3 Ensure Apache AppArmor Profile is in Enforce Mode	Unix	CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
12.3 Ensure Apache AppArmor Profile is in Enforce Mode	Unix	CIS Apache HTTP Server 2.4 L2 v2.0.0
12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0
12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.6.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v1.0.0 L1 MS
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v2.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v2.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 MS L1 v1.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.4.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.6.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.8.22.1.2 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.8.22.1.2 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v1.12.0 L1 + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + BL
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + BL
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + BL + NG
18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + BL + NG