CAT|II

Title

DISA Severity Level 2

Description

Any vulnerability, the exploitation of which has a potential to result in loss of Confidentiality, Availability, or Integrity.

Reference Item Details

Category: Severity Level

Audit Items

Name | Plugin | Audit Name
GEN002000 - There must be no .netrc files on the system | Unix | DISA STIG HP-UX 11.31 v1r19
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows 7 STIG v1r32
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows Vista STIG v6r41
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.001 - The Automated Information System (AIS) will be physically secured in an access controlled area. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.001 - The Automated Information System (AIS) will be physically secured in an access controlled area. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Vista STIG v6r41
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows 7 STIG v1r32
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.007 - Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.007 - Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.008 - Shared user accounts are permitted on the system. | Windows | DISA Windows Vista STIG v6r41
1.008 - Shared user accounts must not be permitted on the system. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.008 - Shared user accounts must not be permitted on the system. | Windows | DISA Windows 7 STIG v1r32
1.008 - Shared user accounts must not be permitted on the system. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.008 - Shared user accounts must not be permitted on the system. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.008 - Shared user accounts must not be permitted on the system. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.15 - Ensure IBM JRE 1.6 is configured correctly - 'policy.provider = sun.security.provider.PolicyFile' | Unix | Redhat JBoss EAP 5.x
1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS password != empty' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS principal != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'JBossWS userName != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jbossws-users.properties - kermit' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console password != empty' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console principal != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console userName != sa' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'jmx-console-users.properties - admin' | Unix | Redhat JBoss EAP 5.x
1.19 - Remove, rename, or comment out the default user accounts from production servers - 'messaging-users.properties - guest' | Unix | Redhat JBoss EAP 5.x
1.024 - System files are not checked for unauthorized changes. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.024 - System files are not checked for unauthorized changes. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.024 - System files will be monitored for unauthorized changes. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.024 - System files will be monitored for unauthorized changes. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.025 - A Server does not have a host-based Intrusion Detection System. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.025 - A Server does not have a host-based Intrusion Detection System. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.025 - Servers will have a host-based Intrusion Detection System. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.025 - Servers will have a host-based Intrusion Detection System. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.029 - Audit logs will be reviewed on a daily basis. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.029 - Audit logs will be reviewed on a daily basis. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.029 - There is no local policy for reviewing audit logs. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.029 - There is no local policy for reviewing audit logs. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.032 - Audit data must be retained for at least one year. | Windows | DISA Windows Server 2008 DC STIG v6r47
1.032 - Audit data must be retained for at least one year. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
1.032 - Audit data must be retained for at least one year. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
1.032 - Audit data must be retained for at least one year. | Windows | DISA Windows Server 2008 MS STIG v6r46
1.100 - The system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces. | Unix | Tenable Fedora Linux Best Practices v2.0.0
1.101 - The system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface. | Unix | Tenable Fedora Linux Best Practices v2.0.0
1.110 - The system must initiate a session lock for graphical user interfaces when the screensaver is activated. | Unix | Tenable Fedora Linux Best Practices v2.0.0
1.118 - The system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords. | Unix | Tenable Fedora Linux Best Practices v2.0.0