CCI
CCI|CCI-000366
Title: Implement the security configuration settings.
Reference Item Details
Reference: CCI - DISA Control Correlation Identifier
Category: 2024
Audit Items
| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | Windows | DISA Windows Vista STIG v6r41 |
| 1.1.2 Ensure /tmp is configured - or equivalent. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.10 Ensure separate partition exists for /var | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.16 Ensure separate partition exists for /var/log/audit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.19 Ensure nosuid is set on users' home directories. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.22 Ensure nosuid option set on removable media partitions | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.23 Ensure noexec option is configured for NFS - NFS. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.24 Ensure nosuid option is set for NFS - NFS. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.26 Ensure all world-writable directories are group-owned. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.27 Disable Automounting | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.28 Disable USB Storage - /bin/true | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.28 Disable USB Storage - blacklist | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.2.8 Ensure the version of the operating system is an active vendor supported release | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.3 Ensure AIDE is configured to verify ACLs - config | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.3 Ensure AIDE is configured to verify ACLs - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.4 Ensure AIDE is configured to verify XATTRS - config | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.4 Ensure AIDE is configured to verify XATTRS - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512 | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - config | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - inactive | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - target | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.7 Ensure kernel core dumps are disabled. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.8 Ensure DNS is servers are configured - immutable | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.8 Ensure DNS is servers are configured - nameserver 1 | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.8 Ensure DNS is servers are configured - nameserver 2 | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.5.8 Ensure DNS is servers are configured - no dns | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties. | Windows | DISA Windows Vista STIG v6r41 |
| 1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet. | Windows | DISA Windows Vista STIG v6r41 |
| 1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | Windows | DISA Windows Vista STIG v6r41 |
| 1.8.7 Ensure the graphical user Ctrl-Alt-Delete key sequence is disabled | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.16 Ensure automatic logon via GUI is not allowed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.17 Ensure unrestricted logon is not allowed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - automount | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - automount-open | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - automount-open=false | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - automount=false | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - autorun-never | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.8.18 Ensure graphical user interface automounter is disabled - autorun-never=true | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.9 Ensure updates, patches, and additional security software are installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | Windows | DISA Windows Vista STIG v6r41 |
| 1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. | Windows | DISA Windows Vista STIG v6r41 |
| 2.2.2 Ensure X11 Server components are not installed - rpm | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.2.2 Ensure X11 Server components are not installed - systemctl | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.2.22 Ensure TFTP daemon is configured to operate in secure mode - TFTP server is required, the TFTP daemon is configured to operate in secure mode. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 2.005 - Systems must be at supported service packs (SP) or releases levels. | Windows | DISA Windows Vista STIG v6r41 |
| 2.014 - ACLs for disabled services do not conform to minimum standards. | Windows | DISA Windows Vista STIG v6r41 |
| 2.019 - Security-related Software Patches are not applied. | Windows | DISA Windows Vista STIG v6r41 |
| 2.021 - Remove Software Certificate Installation Files | Windows | DISA Windows Vista STIG v6r41 |