800-53|CM-5(1)

Title

AUTOMATED ACCESS ENFORCEMENT / AUDITING

Description

The information system enforces access restrictions and supports auditing of the enforcement actions.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-12,AU-2,AU-6,CM-3,CM-6

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.4 Ensure boot loader does not allow removable media	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - device_t	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - unlabeled_t	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.1010 - The rsyslog daemon must not accept log messages from other servers unless the server is being used for log aggregation.	Unix	Tenable Fedora Linux Best Practices v2.0.0
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.2.6 Ensure rsyslog imudp and imrelp aren't loaded.	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.31 Ensure SSH does not permit Kerberos authentication	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.9 Ensure local interactive user accounts umask is 077	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AADC-CL-000840 - Adobe Acrobat Pro DC Classic privileged file and folder locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v1r3
AADC-CL-000840 - Adobe Acrobat Pro DC Classic privileged file and folder locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v1r3
AADC-CN-000840 - Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-000840 - Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v1r2
AADC-CN-001325 - Adobe Acrobat Pro DC Continuous privileged host locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001325 - Adobe Acrobat Pro DC Continuous privileged host locations must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v1r2
ADBP-XI-000840 - Adobe Acrobat Pro XI privileged file and folder locations must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001325 - Adobe Acrobat Pro XI privileged site locations must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001330 - Adobe Acrobat Pro XI privileged host locations must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001335 - Adobe Acrobat Pro XI certified document trust must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/group	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/group	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/audit/config	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/audit/config	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/environ	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/environ	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/group	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/group	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/limits	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/limits	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/login.cfg	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/login.cfg	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/passwd read	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/passwd read	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/passwd write	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/passwd write	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/user	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events - /etc/security/user	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002107 - AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002133 - AIX must be configured to use syslogd to log events by TCPD.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002133 - AIX must be configured to use syslogd to log events by TCPD.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002133 - AIX must be configured to use syslogd to log events by TCPD.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003022 - AIX must disable trivial file transfer protocol.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000554 - The macOS system must not have a guest account - Guest account	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000554 - The macOS system must not have a guest account - Guest fdesetup	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-002110 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6

Detections

Analytics

800-53|CM-5(1)

Title

Description

Reference Item Details

Audit Items