CCI|CCI-001813

Title

Enforce access restrictions using organization-defined mechanisms.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.4 Ensure boot loader does not allow removable mediaUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - device_tUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - unlabeled_tUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.31 Ensure SSH does not permit Kerberos authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.9 Ensure local interactive user accounts umask is 077UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AADC-CL-000840 - Adobe Acrobat Pro DC Classic privileged file and folder locations must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000840 - Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001325 - Adobe Acrobat Pro DC Continuous privileged host locations must be disabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000840 - Adobe Acrobat Pro XI privileged file and folder locations must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001325 - Adobe Acrobat Pro XI privileged site locations must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001330 - Adobe Acrobat Pro XI privileged host locations must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001335 - Adobe Acrobat Pro XI certified document trust must be disabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000554 - The macOS system must not have a guest account - Guest accountUnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000554 - The macOS system must not have a guest account - Guest fdesetupUnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-002063 - The macOS system must disable the guest account.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-002063 - The macOS system must enforce access restrictions.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-002063 - The macOS system must enforce access restrictions.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-002063 - The macOS system must enforce access restrictions.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-002063 - The macOS system must enforce access restrictions.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-002063 - The macOS system must disable the guest account.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000100 - The macOS system must disable root logon.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001100 - The macOS system must disable root logon for SSH.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-002063 - The macOS system must disable the guest account.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000100 - The macOS system must disable root login.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001100 - The macOS system must disable root login for SSH.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-002063 - The macOS system must disable the guest account.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARDC-CL-000315 - Adobe Reader DC must disable the ability to add Trusted Files and Folders.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000320 - Adobe Reader DC must disable the ability to specify Host-Based Privileged Locations.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000315 - Adobe Reader DC must disable the ability to add Trusted Files and Folders.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000320 - Adobe Reader DC must disable the ability to elevate IE Trusts to Privileged Locations.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000440 - Anonymous user access to the Apache web server application directories must be prohibited.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable the Guest AccountUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253