800-53|CM-5(1)

Title

AUTOMATED ACCESS ENFORCEMENT / AUDITING

Description

The information system enforces access restrictions and supports auditing of the enforcement actions.

Reference Item Details

Related: AU-12,AU-2,AU-6,CM-3,CM-6

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.4.4 Ensure boot loader does not allow removable media | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.6.1.10 Ensure system device files are labeled - device_t | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.6.1.10 Ensure system device files are labeled - unlabeled_t | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.2.2.6 Ensure rsyslog imudp and imrelp aren't loaded. | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.3.31 Ensure SSH does not permit Kerberos authentication | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.5.9 Ensure local interactive user accounts umask is 077 | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| AADC-CL-000840 - Adobe Acrobat Pro DC Classic privileged file and folder locations must be disabled. | Windows | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 |
| AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled. | Windows | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 |
| AADC-CN-000840 - Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled. | Windows | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 |
| AADC-CN-001325 - Adobe Acrobat Pro DC Continuous privileged host locations must be disabled. | Windows | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 |
| ADBP-XI-000840 - Adobe Acrobat Pro XI privileged file and folder locations must be disabled. | Windows | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 |
| ADBP-XI-001325 - Adobe Acrobat Pro XI privileged site locations must be disabled. | Windows | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 |
| ADBP-XI-001330 - Adobe Acrobat Pro XI privileged host locations must be disabled. | Windows | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 |
| ADBP-XI-001335 - Adobe Acrobat Pro XI certified document trust must be disabled. | Windows | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 |
| AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events. | Unix | DISA STIG AIX 7.x v3r1 |
| AIX7-00-002107 - AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions. | Unix | DISA STIG AIX 7.x v3r1 |
| AIX7-00-002133 - AIX must be configured to use syslogd to log events by TCPD. | Unix | DISA STIG AIX 7.x v3r1 |
| AIX7-00-003022 - AIX must disable trivial file transfer protocol. | Unix | DISA STIG AIX 7.x v3r1 |
| AOSX-13-000554 - The macOS system must not have a guest account - Guest account | Unix | DISA STIG Apple Mac OSX 10.13 v2r5 |
| AOSX-13-000554 - The macOS system must not have a guest account - Guest fdesetup | Unix | DISA STIG Apple Mac OSX 10.13 v2r5 |
| AOSX-13-002110 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Unix | DISA STIG Apple Mac OSX 10.13 v2r5 |
| AOSX-14-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6 |
| AOSX-14-002063 - The macOS system must disable the guest account. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6 |
| AOSX-15-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Unix | DISA STIG Apple Mac OSX 10.15 v1r10 |
| AOSX-15-002063 - The macOS system must enforce access restrictions. | Unix | DISA STIG Apple Mac OSX 10.15 v1r10 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fd | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fd | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fm | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fm | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fr | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fr | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fw | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fw | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-002063 - The macOS system must enforce access restrictions. | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-002063 - The macOS system must enforce access restrictions. | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-12-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Unix | DISA STIG Apple macOS 12 v1r9 |
| APPL-12-002063 - The macOS system must enforce access restrictions. | Unix | DISA STIG Apple macOS 12 v1r9 |
| APPL-13-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Unix | DISA STIG Apple macOS 13 v1r4 |
| APPL-13-002063 - The macOS system must disable the guest account. | Unix | DISA STIG Apple macOS 13 v1r4 |
| APPL-14-000100 - The macOS system must disable root logon. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001001 - The macOS system must be configured to audit all administrative action events. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001003 - The macOS system must enable security auditing. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001020 - The macOS system must be configured to audit all deletions of object attributes. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001021 - The macOS system must be configured to audit all changes of object attributes. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001024 - The macOS system must be configured to audit all failed program execution on the system. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001044 - The macOS system must configure the system to audit all authorization and authentication events. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-001100 - The macOS system must disable root logon for SSH. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |