800-53|CM-5(6)

Title

LIMIT LIBRARY PRIVILEGES

Description

The organization limits privileges to change software resident within software libraries.

Supplemental

Software libraries include privileged programs.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-2

Category: CONFIGURATION MANAGEMENT

Parent Title: ACCESS RESTRICTIONS FOR CHANGE

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Set permissions on local-settings.js	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.3 Protect Firefox Binaries	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.4 Set permissions on local-settings.js - Administrators	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on local-settings.js - Users	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.4 Set permissions on mozilla.cfg	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Protect Firefox Binaries	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.5 Set permissions on mozilla.cfg - Administrators	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.5 Set permissions on mozilla.cfg - Users	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003009 - All system command files must not have extended ACLs.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003010 - All library files must not have extended ACLs.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000240 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.	Windows	DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is Enabled	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
CD12-00-000700 - Privileges to change PostgreSQL software modules must be limited.	Unix	DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.	Unix	DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.	Unix	DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.	Cisco	DISA STIG Cisco IOS XE Router NDM v3r1
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.	Cisco	DISA STIG Cisco IOS Router NDM v3r1
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.	Cisco	DISA STIG Cisco IOS Switch NDM v3r1
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.	Cisco	DISA STIG Cisco IOS XE Switch NDM v3r1
CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override.	Unix	DISA STIG Kubernetes v2r1
CNTR-K8-000860 - The Kubernetes manifests must be owned by root.	Unix	DISA STIG Kubernetes v2r1

Detections

Analytics