800-53|CM-6b.

Title

CONFIGURATION SETTINGS

Description

Implements the configuration settings;

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.0.2 Use IP address rather than hostname - 'db2system = IP'	Unix	CIS IBM DB2 OS L1 v1.2.0
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.	Windows	DISA Windows Vista STIG v6r41
1.1 Create local-settings.js file - general.config.filename	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
1.1 Create local-settings.js file - general.config.filename	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.1 Create local-settings.js file - general.config.obscure	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
1.1 Create local-settings.js file - general.config.obscure	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
1.1 Create local-settings.js file - general.config.obscure_value	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
1.1 Create local-settings.js file - general.config.obscure_value	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
1.1 Ensure Web Content Is on Non-System Partition	Windows	CIS IIS 7 L1 v1.8.0
1.1 Ensure web content is on non-system partition	Windows	CIS IIS 8.0 v1.5.1 Level 1
1.1 Set 'Restrict level of calendar details users can publish' to 'Enabled:Disables 'Full details' and 'Limited details''	Windows	CIS MS Office Outlook 2010 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled	Unix	CIS Amazon Linux v2.1.0 L2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.4 Ensure mounting of hfs filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.7 Ensure mounting of udf filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.1.8 Ensure mounting of FAT filesystems is disabled - /etc/modprobe.d/CIS.conf	Unix	CIS Amazon Linux v2.1.0 L1
1.1.2 Ensure /tmp is configured - or equivalent.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.2.4 Ensure 'Automatically configure profile based on Active Directory Primary SMTP address' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.2.4 Ensure 'Automatically configure profile based on Active Directory Primary SMTP address' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.5 Ensure 'Do not allow users to change permissions on folders' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.5 Ensure 'Do not allow users to change permissions on folders' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.3.12.2 Set 'Recovery console: Allow floppy copy and access to all drives and all folders' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.13.1 Set 'Shutdown: Clear virtual memory pagefile' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.15.1 Set 'System objects: Strengthen default permissions of internal system objects (e'g' Symbolic Links)' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.10 Ensure separate partition exists for /var	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.10 Ensure that the --repair-malformed-updates argument is set to false	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.13 Ensure separate partition exists for /home	Unix	CIS Amazon Linux v2.1.0 L2
1.1.13 Ensure separate partition exists for /var/log/audit	Unix	CIS Amazon Linux 2 STIG v1.0.0 L2
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.19 Ensure nosuid is set on users' home directories.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.22 Ensure nosuid option set on removable media partitions	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.23 Ensure noexec option is configured for NFS - NFS.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.24 Ensure nosuid option is set for NFS - NFS.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.26 Ensure all world-writable directories are group-owned.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.27 Disable Automounting	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - /bin/true	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - blacklist	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties.	Windows	DISA Windows Vista STIG v6r41
1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet.	Windows	DISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.	Windows	DISA Windows Vista STIG v6r41
1.013 - System information backups are not created, updated, and protected according to DISA requirements.	Windows	DISA Windows Vista STIG v6r41
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.	Windows	DISA Windows Vista STIG v6r41

Detections

Analytics

800-53|CM-6b.

Title

Description

Reference Item Details

Audit Items