Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002165
CCI
CCI|CCI-002165
Title
Enforce organization-defined discretionary access control policies over defined subjects and objects.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
1.6.1.3 Ensure SELinux policy is configured
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.5 Ensure the SELinux mode is enforcing
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.006 - ACLs for system files and directories do not conform to minimum requirements. - 'C:'
Windows
DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Program Files'
Windows
DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Windows'
Windows
DISA Windows Vista STIG v6r41
6.1.11 Ensure no unowned files or directories exist
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
6.1.12 Ensure no ungrouped files or directories exist
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor values
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003020 - AIX must use Trusted Execution (TE) Check policy.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003098 - AIX must allow admins to send a message to all the users who logged in currently.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003099 - AIX must allow admins to send a message to a user who logged in currently.
Unix
DISA STIG AIX 7.x v3r1
Big Sur - Allow Administrators to Modify Security Settings and System Attributes
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Administrators to Promote Other Users to Administrator Status
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Information Transfer with Other Operating Systems
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Allow Administrators to Modify Security Settings and System Attributes
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Allow Administrators to Promote Other Users to Administrator Status
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Allow Information Transfer with Other Operating Systems
Unix
NIST macOS Catalina v1.5.0 - All Profiles
CD12-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
Unix
DISA STIG Crunchy Data PostgreSQL OS v3r1
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DTOO199 - Changing permissions on rights managed content for users must be enforced.
Windows
DISA STIG Microsoft Office System 2013 v2r2
DTOO199 - Office System - Changing permissions on rights managed content for users must be enforced.
Windows
DISA STIG Office System 2010 v1r13
DTOO200 - Office must be configured to not allow read with browsers.
Windows
DISA STIG Microsoft Office System 2013 v2r2
DTOO200 - Office System - Office must be configured to not allow read with browsers.
Windows
DISA STIG Office System 2010 v1r13
EP11-00-007300 - EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
PostgreSQLDB
EDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-007300 - The EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
Unix
EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /bin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /bin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /etc/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /etc/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/*
Unix
DISA STIG Solaris 10 SPARC v2r4