CCI|CCI-002233

Title

Prevent the organization-defined software from executing at higher privilege levels than users executing the software.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.10 PHTN-40-000019UnixCIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT II
1.19 SQLD-22-002900MS_SQLDBCIS Microsoft SQL Server 2022 Database STIG v1.0.0 CAT II
1.43 ALMA-09-007280UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.44 SQLI-22-010500MS_SQLDBCIS Microsoft SQL Server 2022 Instance STIG v1.0.0 CAT II MS_SQLDB
1.46 UBTU-24-200580UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.48 SLES-15-010390UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.59 MADB-10-006900MySQLDBCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II MySQLDB
1.64 SQLI-22-016400MS_SQLDBCIS Microsoft SQL Server 2022 Instance STIG v1.0.0 CAT II MS_SQLDB
1.93 AZLX-23-002110UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.135 OL09-00-000715UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.177 UBTU-22-654230UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.185 RHEL-10-500300UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.205 OL08-00-030000UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.392 RHEL-09-654010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS-iPadOS 16 STIG v2r2
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r2
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r2
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r2
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r2
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r2
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r2
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 18 v2r3
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 18 v2r3
AIOS-26-009700 - Apple iOS/iPadOS 26 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 26 v1r3
AIOS-26-009700 - Apple iOS/iPadOS 26 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 26 v1r3
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs.UnixDISA IBM AIX 7.x STIG v3r2
ALMA-09-007280 - AlmaLinux OS 9 must audit uses of the "execve" system call.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
AZLX-23-002110 - Amazon Linux 2023 must audit uses of the "execve" system call.UnixDISA Amazon Linux 2023 STIG v1r3
Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The SoftwareUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The SoftwareUnixNIST macOS Catalina v1.5.0 - All Profiles
CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD16-00-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBDISA Crunchy Data Postgres 16 STIG v1r2 PostgreSQLDB
CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.UnixDISA Rancher Government Solutions RKE2 STIG v2r6
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccessUnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member accessUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
GEN000520 - The root user must not own the logon session for an application requiring a continuous display.UnixDISA STIG Solaris 10 SPARC v2r4
GEN000520 - The root user must not own the logon session for an application requiring a continuous display.UnixDISA STIG Solaris 10 X86 v2r4