CCI|CCI-001764

Title

Prevent program execution in accordance with organization-defined policies, rules of behavior, and/or access agreements regarding software program usage and restrictions; rules authorizing the terms and conditions of software program usage.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.7 Ensure noexec option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.7 Ensure noexec option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.8 Ensure nodev option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure nosuid option set on /dev/shm partition - fstabUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.9 Ensure nosuid option set on /dev/shm partition - mountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.022 - Disallow AutoPlay/Autorun from Autorun.infWindowsDISA Windows Vista STIG v6r41
3.059 - The system is configured to autoplay removable media.WindowsDISA Windows Vista STIG v6r41
AIOS-12-003600 - Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-003600 - Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-13-003600 - Apple iOS/iPadOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-003600 - Apple iOS/iPadOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIX7-00-003025 - AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.UnixDISA STIG AIX 7.x v3r1
ALMA-09-025980 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026090 - AlmaLinux OS 9 must prevent device files from being interpreted on file systems that contain user home directories.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026200 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026310 - AlmaLinux OS 9 must mount /boot with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026420 - AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026530 - AlmaLinux OS 9 must mount /dev/shm with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026640 - AlmaLinux OS 9 must mount /dev/shm with the noexec option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026750 - AlmaLinux OS 9 must mount /dev/shm with the nosuid option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026860 - AlmaLinux OS 9 must mount /tmp with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-026970 - AlmaLinux OS 9 must mount /tmp with the noexec option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027080 - AlmaLinux OS 9 must mount /tmp with the nosuid option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027190 - AlmaLinux OS 9 must mount /var/log/audit with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027300 - AlmaLinux OS 9 must mount /var/log/audit with the noexec option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027410 - AlmaLinux OS 9 must mount /var/log/audit with the nosuid option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027520 - AlmaLinux OS 9 must mount /var/log with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027630 - AlmaLinux OS 9 must mount /var/log with the noexec option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027740 - AlmaLinux OS 9 must mount /var/log with the nosuid option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027850 - AlmaLinux OS 9 must mount /var with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-027960 - AlmaLinux OS 9 must mount /var/tmp with the nodev option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-028070 - AlmaLinux OS 9 must mount /var/tmp with the noexec option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-028180 - AlmaLinux OS 9 must mount /var/tmp with the nosuid option.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Parental ControlsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Parental ControlsUnixNIST macOS Catalina v1.5.0 - 800-171
CNTR-R2-000550 Rancher RKE2 must be configured with only essential configurations.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2