CCI|CCI-000213

Title

Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.1 Ensure bootloader password is set - password efi grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password efi user	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - password user	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers efi	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.1 Ensure bootloader password is set - superusers grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.3 Ensure authentication required for single user mode	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.008 - Local volumes are not formatted using NTFS.	Windows	DISA Windows Vista STIG v6r41
3.027 - Printer share permissions are not configured as recommended.	Windows	DISA Windows Vista STIG v6r41
ALMA-09-006180 - AlmaLinux OS 9 must require authentication to access emergency mode.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006290 - AlmaLinux OS 9 must require a boot loader password.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006400 - AlmaLinux OS 9 must require a unique superuser's name upon booting into single-user and maintenance modes.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006510 - AlmaLinux OS 9 must require authentication to access single-user mode.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
APPL-14-000033 The macOS system must disable FileVault automatic log on.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002001 The macOS system must disable Server Message Block sharing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002003 The macOS system must disable Network File System service.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002006 The macOS system must disable Unix-to-Unix Copy Protocol service.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002008 The macOS system must disable the built-in web server.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002009 The macOS system must disable AirDrop.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002022 The macOS system must disable Remote Apple Events.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002038 The macOS system must disable Trivial File Transfer Protocol service.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002050 The macOS system must disable Screen Sharing and Apple Remote Desktop.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002100 The macOS system must disable Media Sharing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-002110 The macOS system must disable Bluetooth sharing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-005001 The macOS system must ensure System Integrity Protection is enabled.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-005058 The macOS system must disable Handoff.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-005070 The macOS system must enable Authenticated Root.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-000033 - The macOS system must disable FileVault automatic login.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002001 - The macOS system must disable Server Message Block (SMB) sharing.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002003 - The macOS system must disable Network File System (NFS) service.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002006 - The macOS system must disable Unix-to-Unix Copy Protocol (UUCP) service.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002008 - The macOS system must disable the built-in web server.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002009 - The macOS system must disable AirDrop.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002022 - The macOS system must disable Remote Apple Events.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002038 - The macOS system must disable Trivial File Transfer Protocol (TFTP) service.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002050 - The macOS system must disable Screen Sharing and Apple Remote Desktop.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002100 - The macOS system must disable Media Sharing.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-002110 - The macOS system must disable Bluetooth Sharing.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-005058 - The macOS system must disable Handoff.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-005070 - The macOS system must enable Authenticated Root.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r2
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1

Detections

Analytics

CCI|CCI-000213

Title

Reference Item Details

Audit Items