CCI|CCI-001233

Title

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AOSX-13-000835 - The macOS system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously where HBSS is used; 30 days for any additional internal network scans not covered by HBSS; and annually for external scans by Computer Network Defense Service Provider (CNDSP).UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000015 - The macOS system must utilize an HBSS solution and implement all DoD required modules.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000015 - The macOS system must utilize an ESS solution and implement all DoD required modules - ESS and implement all DoD required modules.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-000015 - The macOS system must use an Endpoint Security Solution (ESS) and implement all DOD required modules.UnixDISA STIG Apple macOS 13 v1r4
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Automated Flaw RemediationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Must Use Host Based Security SolutionUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Must Use HBSSUnixNIST macOS Catalina v1.5.0 - All Profiles
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG Solaris 10 X86 v2r4
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG Solaris 10 SPARC v2r4
GEN006480 - The system must have a host-based intrusion detection tool installed.UnixDISA STIG for Oracle Linux 5 v2r1
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*UnixDISA STIG Solaris 10 X86 v2r4
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/atjobs/*UnixDISA STIG Solaris 10 SPARC v2r4
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*UnixDISA STIG Solaris 10 SPARC v2r4
GEN008820 - The system package management tool must not automatically obtain updates - /var/spool/cron/crontabs/*UnixDISA STIG Solaris 10 X86 v2r4
GEN008820 - The system package management tool must not automatically obtain updates.UnixDISA STIG for Oracle Linux 5 v2r1
GEN008820 - The system package management tool must not automatically obtain updates.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure Automated Flaw RemediationUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Must Use HBSSUnixNIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000011 - System security patches and updates must be installed and up-to-date.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp packageUnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000285 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp processUnixDISA STIG Oracle Linux 6 v2r7
RHEL-06-000011 - System security patches and updates must be installed and up-to-date.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
UBTU-18-010021 - The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).UnixDISA STIG Ubuntu 18.04 LTS v2r15
WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans n - CNDSP.WindowsDISA Windows Server 2012 and 2012 R2 DC STIG v3r7
WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r7
WN16-00-000320 - Windows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.WindowsDISA Windows Server 2016 STIG v2r9