CCI|CCI-001084

Title

Isolate security functions from nonsecurity functions.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.130 - User Account Control - Behavior of elevation prompt for administratorsWindowsDISA Windows Vista STIG v6r41
3.132 - User Account Control - Detect Application InstallationsWindowsDISA Windows Vista STIG v6r41
3.134 - User Account Control - Elevate UIAccess applications that are in secure locationsWindowsDISA Windows Vista STIG v6r41
3.135 - User Account Control - Switch to secure desktopWindowsDISA Windows Vista STIG v6r41
3.136 - User Account Control - Non UAC Compliant Application VirtualizationWindowsDISA Windows Vista STIG v6r41
3.141 - User Account Control - Executable ElevationWindowsDISA Windows Vista STIG v6r41
5.132 - Require username and password to elevate a running application.WindowsDISA Windows Vista STIG v6r41
AS24-U2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000580 - The Apache web server document directory must be in a separate partition from the Apache web servers system files.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Catalina v1.5.0 - All Profiles
CD12-00-004000 - PostgreSQL must isolate security functions from non-security functions.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CNTR-K8-001620 - Kubernetes Kubelet must enable kernel protection.UnixDISA STIG Kubernetes v2r2
CNTR-R2-000940 Rancher RKE2 runtime must isolate security functions from nonsecurity functions.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DB2X-00-005500 - DB2 must isolate security functions from non-security functionsIBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTBI356-IE11 - The 64-bit tab processes, when running in Enhanced Protected Mode on 64-bit versions of Windows, must be turned on.WindowsDISA STIG IE 11 v2r5
DTBI485-IE11 - Protected Mode must be enforced (Internet zone).WindowsDISA STIG IE 11 v2r5
DTBI490-IE11 - Protected Mode must be enforced (Restricted Sites zone).WindowsDISA STIG IE 11 v2r5
DTBI610-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (Reserved).WindowsDISA STIG IE 11 v2r5
DTBI612-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (Explorer).WindowsDISA STIG IE 11 v2r5
DTBI614-IE11 - Internet Explorer Processes for Zone Elevation must be enforced (iexplore).WindowsDISA STIG IE 11 v2r5
EP11-00-005800 - The EDB Postgres Advanced Server must isolate security functions from non-security functions.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-005800 - The EDB Postgres Advanced Server must isolate security functions from nonsecurity functions.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
IIST-SI-000224 - The IIS 10.0 website document directory must be in a separate partition from the IIS 10.0 websites system files.WindowsDISA IIS 10.0 Site v2r10
IISW-SI-000224 - The IIS 8.5 website document directory must be in a separate partition from the IIS 8.5 websites system files.WindowsDISA IIS 8.5 Site v2r9
MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDBDISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB
Monterey - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure the System to Separate User and System Functionality - isolateUnixNIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-006500 - The MySQL Database Server 8.0 must isolate security functions from non-security functions.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C2-004100 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O112-C2-018500 - The DBMS must isolate security functions from non-security functions by means of separate security domains.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O121-C2-004100 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.OracleDBDISA STIG Oracle 12c v3r2 Database
O121-C2-018500 - The DBMS must isolate security functions from nonsecurity functions by means of separate security domains.OracleDBDISA STIG Oracle 12c v3r2 Database
OH12-1X-000281 - OHS must have the DocumentRoot directive set to a separate partition from the OHS system files.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OH12-1X-000282 - OHS must have the Directory directive accompanying the DocumentRoot directive set to a separate partition from the OHS system files.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2
OL08-00-010170 - OL 8 must use a Linux Security Module configured to enforce limits on system services.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-010171 - OL 8 must have the 'policycoreutils' package installed.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-010421 - OL 8 must clear the page allocator to prevent use-after-free attacks.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-010422 - OL 8 must disable virtual syscalls.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-010423 - OL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.UnixDISA Oracle Linux 8 STIG v2r2
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions.UnixDISA STIG PostgreSQL 9.x on RHEL OS v2r5
PPS9-00-005800 - The EDB Postgres Advanced Server must isolate security functions from non-security functions.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3