800-53|CM-11

Title

USER-INSTALLED SOFTWARE

Description

The organization:

Supplemental

If provided the necessary privileges, users have the ability to install software in organizational information systems. To maintain control over the types of software installed, organizations identify permitted and prohibited actions regarding software installation. Permitted software installations may include, for example, updates and security patches to existing software and downloading applications from organization-approved 'app stores'. Prohibited software installations may include, for example, software with unknown or suspect pedigrees or software that organizations consider potentially malicious. The policies organizations select governing user-installed software may be organization-developed or provided by some external entity. Policy enforcement methods include procedural methods (e.g., periodic examination of user accounts), automated methods (e.g., configuration settings implemented on organizational information systems), or both.

Reference Item Details

Related: AC-3,CM-2,CM-3,CM-5,CM-6,CM-7,PL-4

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 11 OS v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 7 L1 DB v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 6 L1 DB v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabledUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabledUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v3.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0