CCI|CCI-001310

Title

Checks the validity of organization-defined information inputs to the system.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
CD12-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-005900 - DB2 must check the validity of all data inputs except those specifically identified by the organization.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-006000 - DB2 and associated applications must reserve the use of dynamic code execution for situations that require it.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-006100 - DB2 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
EP11-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EP11-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EP11-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
EPAS-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
EPAS-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
F5BI-AS-000261 - The BIG-IP ASM module must check the validity of all data inputs except those specifically identified by the organization.F5DISA F5 BIG-IP Application Security Manager STIG v2r1
F5BI-LT-000261 - The BIG-IP Core implementation must be configured to check the validity of all data inputs except those specifically identified by the organization.F5DISA F5 BIG-IP Local Traffic Manager STIG v2r3
IIST-SI-000231 - Directory Browsing on the IIS 10.0 website must be disabled.WindowsDISA IIS 10.0 Site v2r10
IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled.WindowsDISA IIS 10.0 Server v3r2
IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled.WindowsDISA IIS 10.0 Server v2r10
IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled.WindowsDISA IIS 8.5 Site v2r9
IISW-SV-000138 - Directory Browsing on the IIS 8.5 web server must be disabled.WindowsDISA IIS 8.5 Server v2r7
MADB-10-005700 - MariaDB must check the validity of all data inputs except those specifically identified by the organization.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
MADB-10-005800 - MariaDB and associated applications must reserve the use of dynamic code execution for situations that require it.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
MADB-10-005900 - MariaDB and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.MySQLDBDISA MariaDB Enterprise 10.x v2r2 DB
MD3X-00-000490 - MongoDB must check the validity of all data inputs except those specifically identified by the organization.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD3X-00-000500 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-001000 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD4X-00-004100 - MongoDB must check the validity of all data inputs except those specifically identified by the organization.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-005700 MongoDB must check the validity of all data inputs except those specifically identified by the organization.MongoDBDISA MongoDB Enterprise Advanced 7.x STIG v1r1
MD7X-00-005800 MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.UnixDISA MongoDB Enterprise Advanced 7.x STIG v1r1
MYS8-00-007300 - The MySQL Database Server 8.0 must check the validity of all data inputs except those specifically identified by the organization.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
MYS8-00-007400 - The MySQL Database Server 8.0 and associated applications must reserve the use of dynamic code execution for situations that require it.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
MYS8-00-007500 - The MySQL Database Server 8.0 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C2-019500 - The DBMS must check the validity of data inputs.OracleDBDISA STIG Oracle 11.2g v2r5 Database
O121-C2-019500 - The DBMS must check the validity of data inputs.OracleDBDISA STIG Oracle 12c v3r2 Database
PGS9-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r5
PGS9-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r5
PGS9-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r5
PPS9-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3
PPS9-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3
PPS9-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3
SQL2-00-022500 - SQL Server must check the validity of data inputs.MS_SQLDBDISA STIG SQL Server 2012 Database Audit v1r20
SQL4-00-022500 - SQL Server must check the validity of all data inputs except those specifically identified by the organization.MS_SQLDBDISA STIG SQL Server 2014 Database Audit v1r7
SQL4-00-031500 - The DBMS and associated applications must reserve the use of dynamic code execution for situations that require it.MS_SQLDBDISA STIG SQL Server 2014 Database Audit v1r7
SQL4-00-031600 - The DBMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.MS_SQLDBDISA STIG SQL Server 2014 Database Audit v1r7
SQL6-D0-002100 - SQL Server must check the validity of all data inputs except those specifically identified by the organization.MS_SQLDBDISA STIG SQL Server 2016 Database Audit v3r2
VCEM-67-000020 - ESX Agent Manager must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.UnixDISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filterUnixDISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-67-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mappingUnixDISA STIG VMware vSphere 6.7 EAM Tomcat v1r4
VCEM-70-000020 - ESX Agent Manager must set URIEncoding to UTF-8 - URIEncoding to UTF-8.UnixDISA STIG VMware vSphere 7.0 EAM Tomcat v1r2
VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filterUnixDISA STIG VMware vSphere 7.0 EAM Tomcat v1r2
VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mappingUnixDISA STIG VMware vSphere 7.0 EAM Tomcat v1r2