Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001499
CCI
CCI|CCI-001499
Title
Limit privileges to change software resident within software libraries.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.
Windows
DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.
Windows
DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003009 - All system command files must not have extended ACLs.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003010 - All library files must not have extended ACLs.
Unix
DISA STIG AIX 7.x v3r1
AOSX-13-000240 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection.
Unix
DISA STIG Apple macOS 13 v1r4
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.
Unix
DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.
Unix
DISA Apple macOS 15 (Sequoia) STIG v1r1
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.
Windows
DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.
Windows
DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - 800-171
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is Enabled
Unix
NIST macOS Catalina v1.5.0 - All Profiles
CD12-00-000700 - Privileges to change PostgreSQL software modules must be limited.
Unix
DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.
Unix
DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.
Unix
DISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.
PostgreSQLDB
DISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.
PostgreSQLDB
DISA STIG Crunchy Data PostgreSQL DB v3r1
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.
Cisco
DISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.
Cisco
DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.
Cisco
DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.
Cisco
DISA STIG Cisco IOS XE Switch NDM v3r2
CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override.
Unix
DISA STIG Kubernetes v2r2
CNTR-K8-000860 - The Kubernetes manifests must be owned by root.
Unix
DISA STIG Kubernetes v2r2
CNTR-K8-000880 - The Kubernetes KubeletConfiguration file must be owned by root.
Unix
DISA STIG Kubernetes v2r2
CNTR-K8-000890 - The Kubernetes KubeletConfiguration files must have file permissions set to 644 or more restrictive.
Unix
DISA STIG Kubernetes v2r2
CNTR-K8-000900 - The Kubernetes manifest files must have least privileges.
Unix
DISA STIG Kubernetes v2r2
CNTR-R2-000520 Configuration and authentication files for Rancher RKE2 must be protected.
Unix
DISA Rancher Government Solutions RKE2 STIG v2r2