800-53|SA-22

Title

UNSUPPORTED SYSTEM COMPONENTS

Description

The organization:

Supplemental

Support for information system components includes, for example, software patches, firmware updates, replacement parts, and maintenance contracts. Unsupported components (e.g., when vendors are no longer providing critical software patches), provide a substantial opportunity for adversaries to exploit new weaknesses discovered in the currently installed components. Exceptions to replacing unsupported system components may include, for example, systems that provide critical mission/business capability where newer technologies are not available or where the systems are so isolated that installing replacement components is not an option.

Reference Item Details

Related: PL-2,SA-3

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P0

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 (L1) Host hardware must have auditable, authentic, and up to date system and device firmwareVMwareCIS VMware ESXi 8.0 v1.1.0 L1
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.1.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2022 Database L1 DB v1.1.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledMS_SQLDBCIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.6 Database Audit L1 v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.1.0 L1 Webserver
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.1.0 L1 Loadbalancer
1.1.1 Ensure NGINX is installedUnixCIS NGINX Benchmark v2.1.0 L1 Proxy
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.1.0 L2 Proxy
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.1.0 L2 Loadbalancer
1.1.2 Ensure NGINX is installed from sourceUnixCIS NGINX Benchmark v2.1.0 L2 Webserver
1.2 (L1) Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 7.0 v1.4.0 L1 Bare Metal
1.2 Ensure the Image Profile VIB acceptance level is configured properlyUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.2.33 Ensure unsupported configuration overrides are not usedOpenShiftCIS RedHat OpenShift Container Platform v1.6.0 L1
1.3 (L1) Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 7.0 v1.4.0 L1 Bare Metal
1.3 Ensure no unauthorized kernel modules are loaded on the hostUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
1.5 Ensure the Latest Security Patches are AppliedPostgreSQLDBCIS PostgreSQL 13 DB v1.2.0
1.5 Ensure the Latest Security Patches are AppliedPostgreSQLDBCIS PostgreSQL 14 DB v 1.2.0
1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.130 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'WindowsCIS Microsoft Edge v3.0.0 L1
2.1 (L1) Host must run software that has not reached End of General Support statusVMwareCIS VMware ESXi 8.0 v1.1.0 L1
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higherUnixCIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal
2.9 Ensure Legacy EFI Is Valid and UpdatingUnixCIS Apple macOS 12.0 Monterey v3.1.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularlyUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - checked regularlyUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - validUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.9 Ensure Legacy EFI Is Valid and Updating - validUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - daemonUnixCIS Apple macOS 10.14 v2.0.0 L1
2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-checkUnixCIS Apple macOS 10.14 v2.0.0 L1
4.1 Ensure the Latest Security Patches are AppliedUnixCIS MariaDB 10.6 on Linux L1 v1.1.0
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.6 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.7 Community Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.6 Enterprise Database L1 v2.0.0
4.1 Ensure the Latest Security Patches are AppliedMySQLDBCIS MySQL 5.7 Enterprise Database L1 v2.0.0
4.2 Ensure device is not obviously jailbroken or compromisedMDMAirWatch - CIS Apple iOS 17 Institution Owned L1
4.2 Ensure device is not obviously jailbroken or compromisedMDMMobileIron - CIS Apple iOS 17 Institution Owned L1
4.11 Ensure only verified packages are installedUnixCIS Docker v1.7.0 L2 Docker - Linux
4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All ProjectsGCPCIS Google Cloud Platform v3.0.0 L2
20.3 (L1) Ensure 'Microsoft Internet Explorer is not installed on the system'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
20.42 Ensure 'Operating System is maintained at a supported servicing level'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC