800-53|CM-10

Title

SOFTWARE USAGE RESTRICTIONS

Description

The organization:

Supplemental

Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs.

Reference Item Details

Related: AC-17,CM-8,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installedWindowsCIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedUnixCIS MongoDB 7 v1.1.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedUnixCIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedWindowsCIS MongoDB 7 v1.1.0 L1 MongoDB
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.1.1 Ensure 'Add-on Management' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.2 Ensure 'Bind to object' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.5 Ensure 'Information Bar' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.14 Ensure 'Scripted Window Security Restrictions' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.1.5 Ensure noexec option set on /tmp partitionUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.7 Ensure noexec option set on /var partitionUnixCIS Google Container-Optimized OS v1.2.0 L2 Server
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partitionUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Server L1 v2.0.2
1.3.1 (L2) Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L2
1.3.1 Ensure 'Block Flash activation in Office documents' is set to 'Enabled: Block all activation'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
1.3.3 (L2) Ensure 'Control use of JavaScript JIT' is set to 'Enabled: Do not allow any site to run JavaScript JIT'WindowsCIS Microsoft Edge v3.0.0 L2
1.3.4 (L2) Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories via the File System API'WindowsCIS Microsoft Edge v3.0.0 L2
1.3.5 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories'WindowsCIS Microsoft Edge v3.0.0 L1
1.3.6 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'WindowsCIS Microsoft Edge v3.0.0 L2
1.3.7 (L2) Ensure 'Control use of the WebHID API' is set to 'Enabled: Do not allow any site to request access to HID devices via the WebHID API'WindowsCIS Microsoft Edge v3.0.0 L2
1.7.1 (L1) Ensure 'Configure users ability to override feature flags' is set to 'Enabled: Prevent users from overriding feature flags'WindowsCIS Microsoft Edge v3.0.0 L1
1.8.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'WindowsCIS Microsoft Edge v3.0.0 L1
1.8.2 (L2) Ensure 'Configure extension management settings' is set to 'Enabled: *'WindowsCIS Microsoft Edge v3.0.0 L2
1.29 (L2) Ensure 'Allow features to download assets from the Asset Delivery Service' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L2
1.39 (L1) Ensure 'Allow managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L1
1.45 (L1) Ensure 'Allow remote debugging' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L1
1.53 (L2) Ensure 'AutoLaunch Protocols Component Enabled' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L2
1.73 (L1) Ensure 'Control communication with the Experimentation and Configuration Service' is set to 'Enabled: Disable communication with the Experimentation and Configuration Service'WindowsCIS Microsoft Edge v3.0.0 L1
1.75 (L2) Ensure 'Control use of the Serial API' is set to 'Enable: Do not allow any site to request access to serial ports via the Serial API'WindowsCIS Microsoft Edge v3.0.0 L2
1.104 (L1) Ensure 'Enable upload files from mobile in Microsoft Edge desktop' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L1
1.124 (L1) Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L1
11.3 Ensure the httpd_t Type is Not in Permissive ModeUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
11.3 Ensure the httpd_t Type is Not in Permissive ModeUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
11.4 Ensure Only the Necessary SELinux Booleans are EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
11.4 Ensure Only the Necessary SELinux Booleans are EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is EnabledUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
12.2 Ensure the Apache AppArmor Profile Is Configured ProperlyUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
12.2 Ensure the Apache AppArmor Profile Is Configured ProperlyUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware