CCI|CCI-001749

Title

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.6 Ensure software packages have been digitally signed by a Certificate Authority (CA) - CA that is recognized and approved by the organization.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
6.1.1 Audit system file permissionsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AOSX-13-000430 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopersUnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessmentUnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - SPApplicationsDataTypeUnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-002064 - The macOS system must have the security assessment policy subsystem enabled.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-002064 - The macOS system must enable Gatekeeper.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable GatekeeperUnixNIST macOS Catalina v1.5.0 - All Profiles
CNTR-R2-000460 Rancher RKE2 must be built from verified packages.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DTAVSEL-201 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive all patches, service packs and updates from a DoD-managed source.UnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5
DTAVSEL-201 - The McAfee VirusScan Enterprise must be configured to receive all patches, service packs and updates from a DoD-managed source.UnixMcAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6
DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced.WindowsDISA STIG IE 11 v2r5
DTOO127 - Access - Application add-ins must be signed by Trusted Publisher.WindowsDISA STIG Office 2010 Access v1r11
DTOO127 - Add-ins to Office applications must be signed by a Trusted PublisherWindowsDISA STIG Microsoft Office Access 2016 v1r1
DTOO127 - Add-ins to Office applications must be signed by a Trusted PublisherWindowsDISA STIG Microsoft Publisher 2016 v1r3
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Access 2013 v1r7
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Project 2013 v1r5
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Excel 2016 v2r1
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft PowerPoint 2016 v1r1
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Visio 2016 v1r1
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft PowerPoint 2013 v1r7
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Visio 2013 v1r5
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Word 2013 v1r7
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Project 2016 v1r1
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Excel 2013 v1r8
DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher.WindowsDISA STIG Microsoft Word 2016 v1r1