Detections
Analytics

800-53|CM-8(3)

Title

AUTOMATED UNAUTHORIZED COMPONENT DETECTION

Description

The organization:

Supplemental

This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing.

Reference Item Details

Related: AC-17,AC-18,AC-19,CA-7,RA-5,SI-3,SI-4,SI-7

Category: CONFIGURATION MANAGEMENT

Parent Title: INFORMATION SYSTEM COMPONENT INVENTORY

Family: CONFIGURATION MANAGEMENT

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.5 Ensure noexec option set on /tmp partitionUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
1.1.7 Ensure noexec option set on /var partitionUnixCIS Google Container-Optimized OS v1.2.0 L2 Server
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.9 Ensure noexec option set on /var/tmp partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Server L1 v2.0.2
1.1.16 Ensure noexec option set on /dev/shm partitionUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitionsUnixCIS Debian 8 Server L1 v2.0.2
2.5 (L1) Host must only run binaries delivered via signed VIBVMwareCIS VMware ESXi 8.0 v1.1.0 L1
2.6.1.1 Audit iCloud ConfigurationUnixCIS Apple macOS 10.14 v2.0.0 L2
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 12.0 Monterey v3.1.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
5.1.3 Ensure Apple Mobile File Integrity Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
5.10.5 Enable Security PostureGCPCIS Google Kubernetes Engine (GKE) v1.6.1 L2
9.1 Check for Remote ConsolesUnixCIS Oracle Solaris 11.4 L1 v1.1.0
9.8 Ensure root PATH IntegrityUnixCIS Oracle Solaris 11.4 L1 v1.1.0
9.20 Check for Presence of User .forward FilesUnixCIS Oracle Solaris 11.4 L1 v1.1.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 v20H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server v20H2 DC v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 v2004 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 v21H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 v22H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server 2019 DC v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT MSCT Windows Server 2022 DC v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server 2019 MS v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 1909 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 1809 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 1903 v1.19.9
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 10 v21H1 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 11 v22H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 11 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 11 v23H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server 1903 MS v1.19.9
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server v1909 MS v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server 2022 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server v20H2 MS v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows 11 v24H2 v1.0.0
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server 1903 DC v1.19.9
Enumeration policy for external devices incompatible with Kernel DMA ProtectionWindowsMSCT Windows Server v1909 DC v1.0.0