800-53|CM-8(3)

Title

AUTOMATED UNAUTHORIZED COMPONENT DETECTION

Description

The organization:

Supplemental

This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,AC-18,AC-19,CA-7,RA-5,SI-3,SI-4,SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: INFORMATION SYSTEM COMPONENT INVENTORY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	Windows	CIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installed	Unix	CIS MongoDB 7 v1.1.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installed	Unix	CIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installed	Windows	CIS MongoDB 7 v1.1.0 L1 MongoDB
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.5 Ensure noexec option set on /tmp partition	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.7 Ensure noexec option set on /var partition	Unix	CIS Google Container-Optimized OS v1.2.0 L2 Server
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.12 Ensure noexec option set on /dev/shm partition	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partition	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
1.3 Ensure Apache Is Installed From the Appropriate Binaries	Unix	CIS Apache HTTP Server 2.4 v2.2.0 L1
1.8.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled'	Windows	CIS Microsoft Edge v3.0.0 L1
2.1.2 Ensure X Window System is not installed	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'	MDM	AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.4 Ensure unused symbolic links are removed	Unix	CIS IBM AIX 7 v1.0.0 L1
2.5 (L1) Host must only run binaries delivered via signed VIB	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
2.5.4 Audit Location Services Access	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
2.5.4 Audit Location Services Access	Unix	CIS Apple macOS 12.0 Monterey v4.0.0 L2
2.5.4 Audit Location Services Access	Unix	CIS Apple macOS 10.14 v2.0.0 L2
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.15.8 (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.15.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.10.15.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.15.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.15.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.10.15.9 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.10.15.9 Ensure 'Toggle user control over Insider builds' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server

Detections

Analytics