CCI|CCI-001499

Title

Limit privileges to change software resident within software libraries.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-001018 - All system files, programs, and directories must be owned by a system account.UnixDISA STIG AIX 7.x v3r1
AIX7-00-001019 - AIX device files and directories must only be writable by users with a system account or as configured by the vendor.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002072 - AIX system files, programs, and directories must be group-owned by a system group.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002088 - AIX library files must have mode 0755 or less permissive.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003009 - All system command files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
AIX7-00-003010 - All library files must not have extended ACLs.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - All Profiles
CD12-00-000700 - Privileges to change PostgreSQL software modules must be limited.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Router NDM v3r2
CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries.CiscoDISA STIG Cisco IOS XE Switch NDM v3r2
CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override.UnixDISA STIG Kubernetes v2r2
CNTR-K8-000860 - The Kubernetes manifests must be owned by root.UnixDISA STIG Kubernetes v2r2
CNTR-K8-000880 - The Kubernetes KubeletConfiguration file must be owned by root.UnixDISA STIG Kubernetes v2r2
CNTR-K8-000890 - The Kubernetes KubeletConfiguration files must have file permissions set to 644 or more restrictive.UnixDISA STIG Kubernetes v2r2
CNTR-K8-000900 - The Kubernetes manifest files must have least privileges.UnixDISA STIG Kubernetes v2r2
CNTR-R2-000520 Configuration and authentication files for Rancher RKE2 must be protected.UnixDISA Rancher Government Solutions RKE2 STIG v2r2