800-53|CM-7(4)

Title

UNAUTHORIZED SOFTWARE / BLACKLISTING

Description

The organization:

Supplemental

The process used to identify software programs that are not authorized to execute on organizational information systems is commonly referred to as blacklisting. Organizations can implement CM-7(5) instead of this control enhancement if whitelisting (the stronger of the two policies) is the preferred approach for restricting software program execution.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CM-6,CM-8,PM-5

Category: CONFIGURATION MANAGEMENT

Parent Title: LEAST FUNCTIONALITY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4/1.1.5 Do not install/remove any unnecessary Applications or packages	Unix	CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0
1.1.19 Disable Automounting	Unix	CIS Amazon Linux 2 v1.0.0 L1
1.1.19 Disable Automounting	Unix	CIS Aliyun Linux 2 L1 v1.0.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.1.21 Disable Automounting	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.2.3.3.1 Configure 'Do not allow Windows Messenger to be run'	Windows	CIS Windows 2003 MS v3.1.0
1.2.3.3.1 Configure 'Do not allow Windows Messenger to be run'	Windows	CIS Windows 2003 DC v3.1.0
1.2.4.10 Configure 'Turn off the Store application'	Windows	CIS Windows 8 L1 v1.0.0
1.4.1.1 Do not enable or use MobileMe	Unix	CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0
1.4.4 Remove SETroubleshoot 'rpm'	Unix	CIS Red Hat Enterprise Linux 5 L2 v2.2
1.5 Remove all non-essential services from the host - running processes	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.5.3 Ensure prelink is disabled	Unix	CIS Amazon Linux 2 v1.0.0 L1
1.5.4 Ensure prelink is disabled	Unix	CIS CentOS 6 Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Oracle Linux 6 Workstation L1 v1.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Debian 8 Workstation L1 v2.0.1
1.5.4 Ensure prelink is disabled	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Red Hat 6 Workstation L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Red Hat 6 Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Debian 8 Server L1 v2.0.1
1.5.4 Ensure prelink is disabled	Unix	CIS CentOS 6 Workstation L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Oracle Linux 6 Server L1 v1.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.5.4 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS Oracle Linux 6 Server L2 v1.1.0
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS SUSE Linux Enterprise Server 12 L2 v2.1.0
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS CentOS 6 Server L2 v2.1.0
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS Amazon Linux 2 v1.0.0 L2
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS Red Hat 6 Server L2 v2.1.0
1.6.1.4 Ensure SETroubleshoot is not installed	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS Amazon Linux 2 v1.0.0 L2
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS SUSE Linux Enterprise Server 12 L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS CentOS 6 Server L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS CentOS 6 Workstation L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS Oracle Linux 6 Workstation L2 v1.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS Red Hat 6 Server L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS Red Hat 6 Workstation L2 v2.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS Oracle Linux 6 Server L2 v1.1.0
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v2.1.0
1.6.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
1.6.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.6.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.6.3 Ensure prelink is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
1.6.4 Ensure prelink is disabled	Unix	CIS Oracle Linux 7 Workstation L1 v3.0.0
1.6.4 Ensure prelink is disabled	Unix	CIS Red Hat EL7 Server L1 v3.0.1
1.6.4 Ensure prelink is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0
1.11 Do not root your device	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.12 Do not root your device	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1

Detections

Analytics