800-53|CM-5(6)

Title

LIMIT LIBRARY PRIVILEGES

Description

The organization limits privileges to change software resident within software libraries.

Supplemental

Software libraries include privileged programs.

Reference Item Details

Related: AC-2

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Set permissions on local-settings.jsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.3 Protect Firefox BinariesUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.jsUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on local-settings.js - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on mozilla.cfgUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Protect Firefox BinariesUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfgUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg - AdministratorsWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfg - UsersWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.UnixDISA STIG AIX 7.x v3r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003009 - All system command files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003010 - All library files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
CD12-00-000700 - Privileges to change PostgreSQL software modules must be limited.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Switch NDM v3r2
CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override.UnixDISA STIG Kubernetes v2r2
CNTR-K8-000860 - The Kubernetes manifests must be owned by root.UnixDISA STIG Kubernetes v2r2