800-53|CM-10

Title

SOFTWARE USAGE RESTRICTIONS

Description

The organization:

Supplemental

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,CM-8,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers'	Windows	CIS Windows 8 L1 v1.0.0
1.1.5 Ensure noexec option set on /tmp partition	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.7 Ensure noexec option set on /var partition	Unix	CIS Google Container-Optimized OS v1.2.0 L2 Server
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.5 (L1) Host must only run binaries delivered via signed VIB	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
2.5 Ensure insecure registries are not used	Unix	CIS Docker v1.7.0 L1 Docker - Linux
2.6.1.1 Audit iCloud Configuration	Unix	CIS Apple macOS 10.14 v2.0.0 L2
3.22 (L1) Host must deny shell access for the dcui account	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 15.0 Sequoia v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma v2.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	Unix	CIS Apple macOS 13.0 Ventura v3.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity Is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
7.2.4 Ensure Warn When Visiting A Fradulent Website in Safari Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.2.10 Ensure Pop-up Windows Are Blocked	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.2.12 Ensure Show Status Bar Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.4 Disable Popups Initiated by Plugins	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
7.4 Disable Popups Initiated by Plugins	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
9.8 Ensure root PATH Integrity	Unix	CIS Oracle Solaris 11.4 L1 v1.1.0
9.20 Check for Presence of User .forward Files	Unix	CIS Oracle Solaris 11.4 L1 v1.1.0

Detections

Analytics