800-53|CA-9

Title

INTERNAL SYSTEM CONNECTIONS

Description

The organization:

Supplemental

This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.

Reference Item Details

Related: AC-18,AC-19,AC-3,AC-4,AU-12,AU-2,CA-7,CM-2,IA-3,SC-7,SI-4

Category: SECURITY ASSESSMENT AND AUTHORIZATION

Family: SECURITY ASSESSMENT AND AUTHORIZATION

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.1 Disable CDPCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.3.2 Disable TCP and UDP small serversCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.5.1 Unset 'private' for 'snmp-server community'CiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.5.2 Unset 'public' for 'snmp-server community'CiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.5.3 Do not set 'RW' for any 'snmp-server community'CiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.6.3 Create network segmentation using Network PoliciesUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
2.1 Configure TCP WrappersUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.1.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 DB v1.1.0
2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.1.1 Ensure 'extproc' Is Not Present in 'listener.ora'UnixCIS Oracle Server 19c Linux v1.2.0
2.1.1 Ensure 'extproc' Is Not Present in 'listener.ora'WindowsCIS Oracle Server 19c Windows v1.2.0
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'UnixCIS Oracle Server 18c Linux v1.1.0
2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora'WindowsCIS Oracle Server 18c Windows v1.1.0
2.1.3 Ensure NFS and RPC are not enabledUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
2.1.4 Ensure rsync service is not enabledUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
2.2 (L1) Ensure the ESXi host firewall is configured to restrict access to services running on the hostVMwareCIS VMware ESXi 7.0 v1.4.0 L1
2.2 Disable Local-only Graphical Login EnvironmentUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.2 Ensure the ESXi host firewall is configured to restrict access to services running on the hostUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
2.10 Disable Removable Volume ManagerUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2016 Database L1 OS v1.4.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2022 Database L1 OS v1.1.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'WindowsCIS SQL Server 2017 Database L1 OS v1.3.0
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled'MS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
2.11 Disable automount ServiceUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.1.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2022 Database L1 DB v1.1.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
2.11 Ensure SQL Server is configured to use non-standard portsMS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
2.12 Disable Telnet ServiceUnixCIS Oracle Solaris 11.4 L1 v1.1.0
2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesMS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesMS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesMS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instancesMS_SQLDBCIS SQL Server 2022 Database L1 DB v1.1.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
10.2 SN.2 Remove Support for Internet Services (inetd)UnixCIS Oracle Solaris 11.4 L2 v1.1.0
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1