800-53|CM-7(4)

Title

UNAUTHORIZED SOFTWARE / BLACKLISTING

Description

The organization:

Supplemental

The process used to identify software programs that are not authorized to execute on organizational information systems is commonly referred to as blacklisting. Organizations can implement CM-7(5) instead of this control enhancement if whitelisting (the stronger of the two policies) is the preferred approach for restricting software program execution.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CM-6,CM-8,PM-5

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.19 Disable Automounting	Unix	CIS Aliyun Linux 2 L1 v1.0.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.2.4.10 Configure 'Turn off the Store application'	Windows	CIS Windows 8 L1 v1.0.0
1.5 Remove all non-essential services from the host - running processes	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.11 Do not root your device	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.12 Do not root your device	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
2.1.11 Ensure openbsd-inetd is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.1.11 Ensure openbsd-inetd is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.2.2 Ensure X Window System is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.2.5 Ensure CUPS is not enabled	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
2.2.6 Ensure DHCP Server is not enabled	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
2.2.7 Ensure LDAP server is not enabled	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
2.3.1 Ensure NIS Client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.1 Ensure NIS Client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.3.2 Ensure rsh client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.2 Ensure rsh client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.3.2 Ensure rsh client is not installed - 'rsh-client'	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.2 Ensure rsh client is not installed - 'rsh-client'	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.3.3 Ensure talk client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.3 Ensure talk client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.3.4 Ensure telnet client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.4 Ensure telnet client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.3.5 Ensure LDAP client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.3.5 Ensure LDAP client is not installed	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
2.5.2 Enable Gatekeeper	Unix	CIS Apple macOS 10.13 L1 v1.1.0
2.6.2 Enable Gatekeeper	Unix	CIS Apple macOS 10.12 L1 v1.2.0
2.6.2 Enable Gatekeeper	Unix	CIS Apple OSX 10.9 L1 v1.3.0
2.6.2 Enable Gatekeeper	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.6.2 Enable Gatekeeper	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
4.4 Disable Prelink	Unix	CIS Debian Linux 7 L1 v1.0.0
4.4 Disable Prelink	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
4.7 Ensure Unlisted File Extensions are not allowed	Windows	CIS IIS 8.0 v1.5.1 Level 1
4.7 Ensure Unlisted File Extensions are not allowed - Applications	Windows	CIS IIS 7 L1 v1.8.0
4.7 Ensure Unlisted File Extensions are not allowed - Default	Windows	CIS IIS 7 L1 v1.8.0
5.1.1 Ensure NIS is not installed	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
5.1.1 Ensure NIS is not installed	Unix	CIS Debian Linux 7 L1 v1.0.0
5.1.3 Ensure rsh client is not installed - rsh-client	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
5.1.3 Ensure rsh client is not installed - rsh-client	Unix	CIS Debian Linux 7 L1 v1.0.0
5.1.3 Ensure rsh client is not installed - rsh-redone-client	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
5.1.3 Ensure rsh client is not installed - rsh-reload-client	Unix	CIS Debian Linux 7 L1 v1.0.0
5.1.5 Ensure talk client is not installed	Unix	CIS Debian Linux 7 L1 v1.0.0
20.61 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
20.61 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
20.62 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.62 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
20.62 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
20.62 Ensure 'Telnet Client is not installed'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS

Detections

Analytics