CCI|CCI-002233

Title

Prevent the organization-defined software from executing at higher privilege levels than users executing the software.

Reference Item Details

Category: 2024

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 |
| AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v3r1 |
| Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | DISA STIG Crunchy Data PostgreSQL DB v3r1 |
| CNTR-R2-001130 Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | Unix | DISA Rancher Government Solutions RKE2 STIG v2r2 |
| DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 |
| DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 |
| EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 |
| EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 |
| EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v2r1 |
| EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v2r1 |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 X86 v2r4 |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 SPARC v2r4 |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 X86 v2r4 |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 SPARC v2r4 |
| MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | MySQLDB | DISA MariaDB Enterprise 10.x v2r2 DB |
| Monterey - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | Unix | NIST macOS Monterey v1.0.0 - All Profiles |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Microsoft Android 11 COPE v1r2 |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Microsoft Android 11 COPE v1r2 |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Microsoft Android 11 COPE v1r2 |
| MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | MySQLDB | DISA Oracle MySQL 8.0 v2r2 DB |
| OL08-00-030000 - The OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | Unix | DISA Oracle Linux 8 STIG v2r2 |
| PGS9-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 |
| PHTN-40-000019 The Photon operating system must be configured to audit the execution of privileged functions. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 |
| PPS9-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server DB Audit v2r3 |
| PPS9-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server DB Audit v2r3 |
| RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1 |
| RHEL-09-654010 - RHEL 9 must audit uses of the 'execve' system call - execve system call. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| SLES-12-010600 - The SUSE operating system Apparmor tool must be configured to control whitelisted applications and user home directory access control. | Unix | DISA SLES 12 STIG v3r1 |
| SLES-15-010390 - SUSE operating system AppArmor tool must be configured to control whitelisted applications and user home directory access control. | Unix | DISA SLES 15 STIG v2r2 |
| SQL4-00-032600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | MS_SQLDB | DISA STIG SQL Server 2014 Instance DB Audit v2r4 |
| SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only. | MS_SQLDB | DISA STIG SQL Server 2016 Database Audit v3r2 |