CCI|CCI-002824

Title

Implement organization-defined controls to protect its memory from unauthorized code execution.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.UnixDISA STIG AIX 7.x v3r1
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure the System to Protect Memory from Unauthorized Code ExecutionUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
OL07-00-040201 - The Oracle Linux operating system must implement virtual address space randomization.UnixDISA Oracle Linux 7 STIG v3r1
OL08-00-010420 - OL 8 must implement non-executable data to protect its memory from unauthorized code execution.UnixDISA Oracle Linux 8 STIG v2r2
OL08-00-010430 - OL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.UnixDISA Oracle Linux 8 STIG v2r2
PHTN-30-000065 - The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.UnixDISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
PHTN-67-000069 - The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-08-010420 - RHEL 8 must implement non-executable data to protect its memory from unauthorized code execution.UnixDISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-010430 - RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.UnixDISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-09-212045 - RHEL 9 must clear SLUB/SLAB objects to prevent use-after-free attacks.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-212050 - RHEL 9 must enable mitigations against processor-based vulnerabilities.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-213070 - RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-213110 - RHEL 9 must implement nonexecutable data to protect its memory from unauthorized code execution.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-030320 - The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.UnixDISA SLES 12 STIG v3r1
SLES-12-030330 - Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.UnixDISA SLES 12 STIG v3r1
SLES-15-010540 - The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.UnixDISA SLES 15 STIG v2r2
SLES-15-010550 - Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.UnixDISA SLES 15 STIG v2r2
UBTU-16-030130 - The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030140 - The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010513 - The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 18.04 LTS v2r15
UBTU-18-010514 - The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 18.04 LTS v2r15
UBTU-20-010447 - The Ubuntu operating system must implement nonexecutable data to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 20.04 LTS v2r1
UBTU-20-010448 - The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.UnixDISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-213020 - Ubuntu 22.04 LTS must implement address space layout randomization to protect its memory from unauthorized code execution.UnixDISA STIG Canonical Ubuntu 22.04 LTS v2r2
UBTU-22-213025 - Ubuntu 22.04 LTS must implement nonexecutable data to protect its memory from unauthorized code execution.UnixDISA STIG Canonical Ubuntu 22.04 LTS v2r2
WINCC-000078 - EMET system-wide Address Space Layout Randomization (ASLR) must be enabled and configured to Application Opt In.WindowsDISA Windows Vista STIG v6r41
WINCC-000079 - EMET Default Protections for Internet Explorer must be enabled.WindowsDISA Windows Vista STIG v6r41
WINCC-000080 - EMET Default Protections for Recommended Software must be enabled. - Acrobat.exeWindowsDISA Windows Vista STIG v6r41
WINCC-000080 - EMET Default Protections for Recommended Software must be enabled. - AcroRd32.exeWindowsDISA Windows Vista STIG v6r41
WINCC-000080 - EMET Default Protections for Recommended Software must be enabled. - EXCEL.EXEWindowsDISA Windows Vista STIG v6r41
WINCC-000080 - EMET Default Protections for Recommended Software must be enabled. - INFOPATH.EXEWindowsDISA Windows Vista STIG v6r41