800-53|CM-7(1)(b)

Title

PERIODIC REVIEW

Description

Disables [Assignment: organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure].

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIOS-12-004400 - Apple iOS must not allow backup to remote systems (My Photo Stream).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-12-004400 - Apple iOS must not allow backup to remote systems (My Photo Stream).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004500 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).	MDM	AirWatch - DISA Apple iOS 12 v2r1
AIOS-12-004500 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).	MDM	MobileIron - DISA Apple iOS 12 v2r1
AIOS-13-004400 - Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004400 - Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004500 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).	MDM	AirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-004500 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).	MDM	MobileIron - DISA Apple iOS/iPadOS 13 v2r1
APPNET0075 - Disable TLS RC4 cipher in .Net	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r4
AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W2-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
CD12-00-004150 - PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.	Unix	DISA STIG Crunchy Data PostgreSQL OS v3r1
DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DKER-EE-003560 - Docker Enterprise network ports on all running containers must be limited to what is needed.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DTBC-0074 - Use of the QUIC protocol must be disabled.	Windows	DISA STIG Google Chrome v2r9
EP11-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.	Unix	EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2013 Client Access Server STIG v2r2
EX13-EG-000305 - Exchange services must be documented and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6
EX13-MB-000300 - Exchange services must be documented and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000600 - Exchange services must be documented and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000199 Exchange services must be documented, and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000198 Exchange services must be documented, and unnecessary services must be removed or disabled.	Windows	DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
GOOG-09-001400 - The Google Android Pie must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices.	MDM	AirWatch - DISA Google Android 9.x v2r1
GOOG-09-001400 - The Google Android Pie must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices.	MDM	MobileIron - DISA Google Android 9.x v2r1
GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP).	MDM	AirWatch - DISA Google Android 11 COBO v2r1
GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP).	MDM	MobileIron - DISA Google Android 11 COPE v2r1
GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP).	MDM	MobileIron - DISA Google Android 11 COBO v2r1
GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP).	MDM	AirWatch - DISA Google Android 11 COPE v2r1
GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).	MDM	MobileIron - DISA Google Android 12 COPE v1r2
GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).	MDM	AirWatch - DISA Google Android 12 COBO v1r2
GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).	MDM	MobileIron - DISA Google Android 12 COBO v1r2
GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP).	MDM	AirWatch - DISA Google Android 12 COPE v1r2
GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP.	MDM	AirWatch - DISA Google Android 13 COPE v2r1
GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP.	MDM	MobileIron - DISA Google Android 13 COPE v2r1
GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP.	MDM	AirWatch - DISA Google Android 13 COBO v2r1
GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP.	MDM	MobileIron - DISA Google Android 13 COBO v2r1
IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines.	Windows	DISA IIS 10.0 Site v2r9
IIST-SV-000148 - The IIS 10.0 web server must not be running on a system providing any other role.	Windows	DISA IIS 10.0 Server v3r1
IIST-SV-000148 - The IIS 10.0 web server must not be running on a system providing any other role.	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server - IPP must be disabled on the IIS 10.0 web server	Windows	DISA IIS 10.0 Server v3r1
IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines.	Windows	DISA IIS 8.5 Site v2r9
IISW-SV-000148 - The IIS 8.5 web server must not be running on a system providing any other role.	Windows	DISA IIS 8.5 Server v2r7
IISW-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 8.5 web server - IPP must be disabled on the IIS 8.5 web server	Windows	DISA IIS 8.5 Server v2r7
KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - Bluetooth Audio Only	MDM	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1

Detections

Analytics

800-53|CM-7(1)(b)

Title

Description

Reference Item Details

Audit Items