CCI-003992
CCI
CCI|CCI-003992
Title
Prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.
Reference Item Details
Reference: CCI - DISA Control Correlation Identifier
Category: 2024
Audit Items
| Name | Plugin | Audit Name |
| --- | --- | --- |
| APPL-14-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-002064 - The macOS system must enable Gatekeeper. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| APPL-15-002064 - The macOS system must enable gatekeeper. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r1 |
| AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server. | Unix | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware |
| ESXI-80-000133 The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified. | Unix | DISA VMware vSphere 8.0 ESXi STIG OS v2r1 |
| EX19-ED-000053 - Exchange local machine policy must require signed scripts. | Windows | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 |
| EX19-MB-000061 - Exchange local machine policy must require signed scripts. | Windows | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 |
| O365-AC-000002 - Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-CO-000007 - Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-EX-000028 - Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-PR-000002 - Project must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-PT-000008 - Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-PU-000002 - Publisher must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-PU-000003 - Publisher must disable all unsigned VBA macros. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-VI-000003 - Visio must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| O365-WD-000001 - Word must automatically disable unsigned add-ins without informing users. | Windows | DISA STIG Microsoft Office 365 ProPlus v3r1 |
| OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | Unix | DISA Oracle Linux 7 STIG v3r1 |
| OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | Unix | DISA Oracle Linux 7 STIG v3r1 |
| OL07-00-020050 - The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization - CA that is recognized and approved by the organization. | Unix | DISA Oracle Linux 7 STIG v3r1 |
| OL07-00-020060 - The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization - CA that is recognized and approved by the organization. | Unix | DISA Oracle Linux 7 STIG v3r1 |
| OL08-00-010019 - OL 8 must ensure cryptographic verification of vendor software packages. | Unix | DISA Oracle Linux 8 STIG v2r2 |
| OL08-00-010370 - YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. | Unix | DISA Oracle Linux 8 STIG v2r2 |
| OL08-00-010371 - OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Unix | DISA Oracle Linux 8 STIG v2r2 |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution. | Unix | DISA Oracle Linux 8 STIG v2r2 |
| PHTN-40-000130 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 |
| PHTN-40-000199 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 |
| RHEL-08-010019 - RHEL 8 must ensure cryptographic verification of vendor software packages. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1 |
| RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1 |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1 |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1 |
| RHEL-09-213020 - RHEL 9 must prevent the loading of a new kernel for later execution. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| RHEL-09-214010 - RHEL 9 must ensure cryptographic verification of vendor software packages. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| RHEL-09-214015 - RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| RHEL-09-214025 - RHEL 9 must have GPG signature verification enabled for all software repositories. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| RHEL-09-215010 - RHEL 9 subscription-manager package must be installed. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| SLES-12-010550 - The SUSE operating system tool zypper must have gpgcheck enabled. | Unix | DISA SLES 12 STIG v3r1 |
| SLES-15-010430 - The SUSE operating system tool zypper must have gpgcheck enabled. | Unix | DISA SLES 15 STIG v2r2 |
| SOL-11.1-020020 - The system must verify that package updates are digitally signed. | Unix | DISA STIG Solaris 11 SPARC v3r1 |
| SOL-11.1-020020 - The system must verify that package updates are digitally signed. | Unix | DISA STIG Solaris 11 X86 v3r1 |
| UBTU-20-010438 - The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Unix | DISA STIG Ubuntu 20.04 LTS v2r1 |
| UBTU-22-214010 - Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | Unix | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 |