CCI-001082
Separate user functionality, including user interface services, from system management functionality.
4
Rule
Severity: High
Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.
6
Rule
Severity: Medium
Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
6
Rule
Severity: Medium
The Apache web server must separate the hosted applications from hosted Apache web server management functionality.
2
Rule
Severity: High
Anonymous user access to the Apache web server application directories must be prohibited.
2
Rule
Severity: Medium
The application server must separate hosted application functionality from application server management functionality.
2
Rule
Severity: Medium
The application user interface must be either physically or logically separated from data storage and management interfaces.
2
Rule
Severity: Medium
All installation-delivered IDMS USER-level tasks must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS DEVELOPER-level tasks must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS DBADMIN-level tasks must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS DCADMIN-level tasks must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS User-level programs must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS Developer-level Programs must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS Database-Administrator-level programs must be properly secured.
2
Rule
Severity: Medium
All installation-delivered IDMS DC-Administrator-level programs must be properly secured.
1
Rule
Severity: Medium
DB2 must separate user functionality (including user interface services) from database management functionality.
1
Rule
Severity: Medium
The WebSphere Application Servers must not be in the DMZ.
1
Rule
Severity: Medium
CA VM:Secure product ADMIN GLOBALS command must be restricted to systems programming personnel.
2
Rule
Severity: Medium
The JBoss server must separate hosted application functionality from application server management functionality.
2
Rule
Severity: Medium
The Mainframe Product must separate user functionality (including user interface services) from information system management functionality.
2
Rule
Severity: Medium
Azure SQL Database must separate user functionality (including user interface services) from database management functionality.
4
Rule
Severity: Medium
Exchange Mailbox databases must reside on a dedicated partition.
1
Rule
Severity: Medium
SQL Server must be configured to separate user functionality (including user interface services) from database management functionality.
1
Rule
Severity: Medium
Nutanix AOS must separate hosted application functionality from application server management functionality.
1
Rule
Severity: Medium
Nutanix AOS must configure network traffic segmentation when using Disaster Recovery Services.
1
Rule
Severity: High
OHS accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
1
Rule
Severity: Medium
Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality.
2
Rule
Severity: Medium
Users requiring access to Prisma Cloud Compute's Credential Store must be assigned and accessed by the appropriate role holders.
2
Rule
Severity: Medium
The SDN controller must be configured to separate tenant functionality from system management functionality.
2
Rule
Severity: Medium
The Tanium Module server must be installed on a separate system.
4
Rule
Severity: Medium
The Tanium application must separate user functionality (including user interface services) from information system management functionality.
2
Rule
Severity: Medium
Access to JMX management interface must be restricted.
2
Rule
Severity: Medium
Access to Tomcat manager application must be restricted.
4
Rule
Severity: Medium
PostgreSQL must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: Medium
The container platform must separate user functionality (including user interface services) from information system management functionality.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.
5
Rule
Severity: Medium
The DBMS must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: Medium
The operating system must separate user functionality (including user interface services) from operating system management functionality.
2
Rule
Severity: Medium
SSMC web server application, libraries, and configuration files must only be accessible to privileged users.
2
Rule
Severity: Medium
Kubernetes must separate user functionality.
2
Rule
Severity: Medium
MarkLogic Server must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: Medium
MariaDB must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: Medium
MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
2
Rule
Severity: Medium
Exchange queue database must reside on a dedicated partition.
2
Rule
Severity: High
Anonymous IIS 10.0 website access accounts must be restricted.
2
Rule
Severity: High
IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
2
Rule
Severity: Medium
The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality.
2
Rule
Severity: High
A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource.
2
Rule
Severity: Medium
In a Windows PAW, administrator accounts used for maintaining the PAW must be separate from administrative accounts used to manage high-value IT resources.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: Medium
Redis Enterprise DBMS must separate user functionality (including user interface services) from database management functionality.
2
Rule
Severity: High
Access to the Redis Enterprise control plane must be restricted.
2
Rule
Severity: Medium
Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
OpenShift must separate user functionality (including user interface services) from information system management functionality.
2
Rule
Severity: Medium
All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
2
Rule
Severity: Medium
Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.
2
Rule
Severity: Medium
RHEL 9 must restrict access to the kernel message buffer.
2
Rule
Severity: Medium
RHEL 9 must prevent kernel profiling by nonprivileged users.
2
Rule
Severity: Medium
RHEL 9 must restrict exposed kernel pointer addresses access.
2
Rule
Severity: Medium
RHEL 9 must disable access to network bpf system call from nonprivileged processes.
2
Rule
Severity: Medium
RHEL 9 must restrict usage of ptrace to descendant processes.
2
Rule
Severity: Medium
The VMM must separate user functionality (including user interface services) from VMM management functionality.
1
Rule
Severity: Medium
VAMI server binaries and libraries must be verified for their integrity.
1
Rule
Severity: Medium
Performance Charts directory tree must have permissions in an out-of-the-box state.
1
Rule
Severity: Medium
ESX Agent Manager directory tree must have permissions in an out-of-the-box state.
1
Rule
Severity: Medium
Lookup Service directory tree must have permissions in an out-of-the-box state.
3
Rule
Severity: Medium
The vCenter Server user roles must be verified.
1
Rule
Severity: Medium
The Security Token Service directory tree must have permissions in an out-of-the-box state.
1
Rule
Severity: Medium
The vCenter Server users must have the correct roles assigned.
1
Rule
Severity: Medium
The vSphere UI directory tree must have permissions in an out-of-the-box state.
2
Rule
Severity: Medium
Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
2
Rule
Severity: Medium
Anonymous user access to the web server application directories must be prohibited.
2
Rule
Severity: Medium
The web server must separate the hosted applications from hosted web server management functionality.
1
Rule
Severity: Medium
Access to IBM Security zSecure program resources must be limited to authorized users.
1
Rule
Severity: Medium
MongoDB must separate user functionality (including user interface services) from database management functionality.