800-53|CM-5(6)

Title

LIMIT LIBRARY PRIVILEGES

Description

The organization limits privileges to change software resident within software libraries.

Supplemental

Software libraries include privileged programs.

Reference Item Details

Related: AC-2

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Set permissions on local-settings.jsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.3 Protect Firefox BinariesUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.jsUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on local-settings.js - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on mozilla.cfgUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Protect Firefox BinariesUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfgUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfg - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.UnixDISA STIG AIX 7.x v3r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003009 - All system command files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003010 - All library files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
ALMA-09-010250 - AlmaLinux OS 9 system commands must be group-owned by root or a system account.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010360 - AlmaLinux OS 9 system commands must be owned by root.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010470 - AlmaLinux OS 9 system commands must have mode 755 or less permissive.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010580 - AlmaLinux OS 9 library directories must be group-owned by root or a system account.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010690 - AlmaLinux OS 9 library directories must be owned by root.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010800 - AlmaLinux OS 9 library directories must have mode 755 or less permissive.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-010910 - AlmaLinux OS 9 library files must be group-owned by root or a system account.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-011020 - AlmaLinux OS 9 library files must be owned by root.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-011130 - AlmaLinux OS 9 library files must have mode 755 or less permissive.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 13 v1r5
APPL-14-005001 The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 15 (Sequoia) STIG v1r2
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
CD12-00-000700 - Privileges to change PostgreSQL software modules must be limited.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1