CCI|CCI-002233

Title

The information system prevents organization-defined software from executing at higher privilege levels than users executing the software.

Reference Item Details

Category: 2013

Audit Items

Name | Plugin | Audit Name
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r6
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r9
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r3
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r8
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r1
AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | Unix | DISA STIG AIX 7.x v2r5
Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | Unix | NIST macOS Catalina v1.5.0 - All Profiles
CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | Unix | DISA STIG Kubernetes v1r2
CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | Unix | DISA STIG Kubernetes v1r6
CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | Unix | DISA STIG Kubernetes v1r4
CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | Unix | DISA STIG Kubernetes v1r5
CNTR-K8-002010 - Kubernetes must have a pod security policy set. | Unix | DISA STIG Kubernetes v1r2
CNTR-K8-002010 - Kubernetes must have a pod security policy set. | Unix | DISA STIG Kubernetes v1r4
CNTR-K8-002010 - Kubernetes must have a pod security policy set. | Unix | DISA STIG Kubernetes v1r6
CNTR-K8-002010 - Kubernetes must have a pod security policy set. | Unix | DISA STIG Kubernetes v1r5
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set. - repositoryAccess | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v1r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set. - team member access | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1
DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r2
EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r3
EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r2
EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r3
EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v1r1
EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | PostgreSQLDB | EnterpriseDB PostgreSQL Advanced Server DB v1r1
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 SPARC v2r2
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 X86 v2r1
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 SPARC v2r1
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 X86 v2r2
GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 SPARC v2r2
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 X86 v2r1
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 SPARC v2r1
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 X86 v2r2
GEN000920 - The root account's home directory (other than /) must have mode 0700. | Unix | DISA STIG Solaris 10 SPARC v2r4
MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | MySQLDB | DISA MariaDB Enterprise 10.x v1r2 DB
MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | MySQLDB | DISA MariaDB Enterprise 10.x v1r3 DB
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Microsoft Android 11 COPE v1r1
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Microsoft Android 11 COPE v1r1
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Microsoft Android 11 COPE v1r1
MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only | MySQLDB | DISA Oracle MySQL 8.0 v1r4 DB