Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002165
CCI
CCI|CCI-002165
Title
Enforce organization-defined discretionary access control policies over defined subjects and objects.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
1.6.1.3 Ensure SELinux policy is configured
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.5 Ensure the SELinux mode is enforcing
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.006 - ACLs for system files and directories do not conform to minimum requirements. - 'C:'
Windows
DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Program Files'
Windows
DISA Windows Vista STIG v6r41
2.006 - ACLS FOR SYSTEM FILES AND DIRECTORIES DO NOT CONFORM TO MINIMUM REQUIREMENTS. - 'C:\Windows'
Windows
DISA Windows Vista STIG v6r41
6.1.11 Ensure no unowned files or directories exist
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
6.1.12 Ensure no ungrouped files or directories exist
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003020 - AIX must use Trusted Execution (TE) Check policy.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003098 - AIX must allow admins to send a message to all the users who logged in currently.
Unix
DISA STIG AIX 7.x v3r1
AIX7-00-003099 - AIX must allow admins to send a message to a user who logged in currently.
Unix
DISA STIG AIX 7.x v3r1
Big Sur - Allow Administrators to Modify Security Settings and System Attributes
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Administrators to Promote Other Users to Administrator Status
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Information Transfer with Other Operating Systems
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Allow Administrators to Modify Security Settings and System Attributes
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Allow Administrators to Promote Other Users to Administrator Status
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Allow Information Transfer with Other Operating Systems
Unix
NIST macOS Catalina v1.5.0 - All Profiles
DTOO199 - Changing permissions on rights managed content for users must be enforced.
Windows
DISA STIG Microsoft Office System 2013 v2r2
DTOO199 - Office System - Changing permissions on rights managed content for users must be enforced.
Windows
DISA STIG Office System 2010 v1r13
DTOO200 - Office must be configured to not allow read with browsers.
Windows
DISA STIG Microsoft Office System 2013 v2r2
DTOO200 - Office System - Office must be configured to not allow read with browsers.
Windows
DISA STIG Office System 2010 v1r13
EPAS-00-007300 - The EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
Unix
EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /bin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /bin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /etc/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /etc/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/bin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001140 - System files and directories must not have uneven access permissions - /usr/ucb/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - /usr/sbin/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - httpd
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001180 - All network services daemon files must have mode 0755 or less permissive - sshd
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/man/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/share/man/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/sfw/share/man/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/share/man/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/share/man/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001320 - NIS/NIS+/yp files must be owned by root, sys, or bin - /usr/lib/netsvc/yp/*
Unix
DISA STIG Solaris 10 X86 v2r4
GEN001320 - NIS/NIS+/yp files must be owned by root, sys, or bin - /usr/lib/netsvc/yp/*
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN001320 - NIS/NIS+/yp files must be owned by root, sys, or bin - /var/yp/*
Unix
DISA STIG Solaris 10 X86 v2r4
