Capacity
CCI-001090
Prevent unauthorized and unintended information transfer via shared system resources.
30
Rule
Severity: Medium
Verify that All World-Writable Directories Have Sticky Bits Set
17
Rule
Severity: Low
Restrict Access to Kernel Message Buffer
14
Rule
Severity: Low
Disallow kernel profiling by unprivileged users
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud document and data synchronization).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Keychain).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (My Photo Stream).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (managed applications data stored in iCloud).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books).
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
2
Rule
Severity: Medium
Applications must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Low
A BIND 9.x server implementation must be running in a chroot(ed) directory structure.
2
Rule
Severity: Medium
IDMS must prevent unauthorized and unintended information transfer via database buffers.
1
Rule
Severity: Medium
A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.
1
Rule
Severity: Medium
A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set.
2
Rule
Severity: Medium
The DNS server implementation must prevent unauthorized and unintended information transfer via shared system resources.
4
Rule
Severity: Medium
Google Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
4
Rule
Severity: Medium
Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.
4
Rule
Severity: Low
Google Android 13 must allow only the Administrator (MDM) to perform the following management function: Disable Phone Hub.
2
Rule
Severity: Medium
Google Android 12 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
2
Rule
Severity: Medium
Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems.
20
Rule
Severity: Medium
Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
19
Rule
Severity: Medium
Access to database files must be limited to relevant processes and to authorized, administrative users.
1
Rule
Severity: Medium
The IBM z/VM SYSTEM CONFIG file must be configured to clear TDISK on IPL.
2
Rule
Severity: Medium
Microsoft Android 11 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
2
Rule
Severity: Medium
Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.
2
Rule
Severity: Medium
Azure SQL Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
1
Rule
Severity: Medium
Nutanix AOS must be configured to restrict public directories.
2
Rule
Severity: Medium
Prisma Cloud Compute must prevent unauthorized and unintended information transfer.
4
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications and configuration data to remote systems.
- Disable Backup Services.
8
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications and configuration data to locally connected systems.
3
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems.
- Disable Data Sync Framework.
3
Rule
Severity: Medium
Samsung Android's Work profile must be configured to not allow backup of all applications, configuration data to remote systems.
- Disable Data Sync Framework.
3
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
3
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
2
Rule
Severity: Medium
Apple iOS/iPadOS 17 must not allow backup to remote systems (iCloud).
2
Rule
Severity: Medium
Apple iOS/iPadOS 16 must not allow backup to remote systems (iCloud).
1
Rule
Severity: Medium
The Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
3
Rule
Severity: Low
The Ubuntu operating system must restrict access to the kernel message buffer.
2
Rule
Severity: Medium
The Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
2
Rule
Severity: Medium
The container platform must prohibit containers from accessing privileged resources.
2
Rule
Severity: Medium
The container platform must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data transfer policy.
5
Rule
Severity: Medium
The DBMS must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
Google Android 13 must be configured to not allow backup of all work profile applications to remote systems.
4
Rule
Severity: Medium
Google Android 14 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
4
Rule
Severity: Medium
Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems.
4
Rule
Severity: Low
Google Android 14 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.
2
Rule
Severity: Medium
Operating systems must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
ACF2 AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets.
4
Rule
Severity: Medium
IBM z/OS sensitive and critical system data sets must not exist on shared DASD.
2
Rule
Severity: Medium
The CA-TSS AUTOERASE Control Option must be set to ALL for all systems.
2
Rule
Severity: Medium
The IBM RACF ERASE ALL SETROPTS value must be set to ERASE(ALL) on all systems.
2
Rule
Severity: Medium
IBM z/OS sensitive and critical system data sets must not exist on shared DASDs.
2
Rule
Severity: Medium
Access to MarkLogic Server files must be limited to relevant processes and to authorized, administrative users.
2
Rule
Severity: Medium
MariaDB must prevent unauthorized and unintended information transfer via shared system resources.
3
Rule
Severity: Medium
MongoDB must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
Non system-created file shares on a system must limit access to groups that require it.
2
Rule
Severity: Medium
SQL Server must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).
4
Rule
Severity: High
Solicited Remote Assistance must not be allowed.
6
Rule
Severity: Medium
Local drives must be prevented from sharing with Remote Desktop Session Hosts.
2
Rule
Severity: Medium
Windows 10 Kernel (Direct Memory Access) DMA Protection must be enabled.
4
Rule
Severity: High
Anonymous enumeration of shares must be restricted.
6
Rule
Severity: High
Anonymous access to Named Pipes and Shares must be restricted.
4
Rule
Severity: Medium
Non-system-created file shares on a system must limit access to groups that require it.
2
Rule
Severity: Medium
Data files owned by users must be on a different logical partition from the directory server data files.
2
Rule
Severity: High
Anonymous enumeration of shares must not be allowed.
2
Rule
Severity: Medium
Windows Server 2019 non-system-created file shares must limit access to groups that require it.
2
Rule
Severity: Medium
Windows Server 2019 Remote Desktop Services must prevent drive redirection.
2
Rule
Severity: Medium
Windows Server 2019 data files owned by users must be on a different logical partition from the directory server data files.
2
Rule
Severity: High
Windows Server 2019 must not allow anonymous enumeration of shares.
2
Rule
Severity: High
Windows Server 2019 must restrict anonymous access to Named Pipes and Shares.
2
Rule
Severity: Medium
Windows Server 2022 nonsystem-created file shares must limit access to groups that require it.
2
Rule
Severity: Medium
Windows Server 2022 Remote Desktop Services must prevent drive redirection.
2
Rule
Severity: Medium
Windows Server 2022 data files owned by users must be on a different logical partition from the directory server data files.
2
Rule
Severity: High
Windows Server 2022 must not allow anonymous enumeration of shares.
2
Rule
Severity: High
Windows Server 2022 must restrict anonymous access to Named Pipes and Shares.
3
Rule
Severity: Medium
The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.
3
Rule
Severity: Medium
DBMS backup and restoration files must be protected from unauthorized access.
2
Rule
Severity: Low
The Oracle Linux operating system must restrict access to the kernel message buffer.
2
Rule
Severity: Medium
A sticky bit must be set on all OL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.
2
Rule
Severity: Low
OL 8 must restrict access to the kernel message buffer.
2
Rule
Severity: Low
OL 8 must prevent kernel profiling by unprivileged users.
2
Rule
Severity: Medium
Redis Enterprise DBMS must prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.
2
Rule
Severity: Medium
OpenShift must prevent unauthorized and unintended information transfer via shared system resources and enable page poisoning.
2
Rule
Severity: Medium
OpenShift must disable virtual syscalls.
2
Rule
Severity: Medium
OpenShift must enable poisoning of SLUB/SLAB objects.
2
Rule
Severity: Medium
OpenShift must set the sticky bit for world-writable directories.
2
Rule
Severity: Medium
OpenShift must restrict access to the kernel buffer.
2
Rule
Severity: Medium
OpenShift must prevent kernel profiling.
2
Rule
Severity: High
Container images instantiated by OpenShift must execute using least privileges.
2
Rule
Severity: Medium
A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.
2
Rule
Severity: Low
RHEL 8 must restrict access to the kernel message buffer.
2
Rule
Severity: Low
RHEL 8 must prevent kernel profiling by unprivileged users.
1
Rule
Severity: Low
The Red Hat Enterprise Linux operating system must restrict access to the kernel message buffer.
4
Rule
Severity: Medium
The sticky bit must be set on all SUSE operating system world-writable directories.
2
Rule
Severity: Medium
RHEL 9 must restrict access to the kernel message buffer.
2
Rule
Severity: Medium
RHEL 9 must prevent kernel profiling by nonprivileged users.
2
Rule
Severity: Medium
All RHEL 9 world-writable directories must be owned by root, sys, bin, or an application user.
2
Rule
Severity: Medium
A sticky bit must be set on all RHEL 9 public directories.
4
Rule
Severity: Low
The SUSE operating system must restrict access to the kernel message buffer.
1
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications and configuration data to remote systems.
1
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications, configuration data to locally connected systems.
1
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems.
- Disable Data Sync Framework
1
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications' configuration data to locally connected systems.
1
Rule
Severity: Medium
Samsung Android's Work profile must be configured to not allow backup of [all applications, configuration data] to remote systems.
- Disable Data Sync Framework
4
Rule
Severity: Low
The Samsung Android device must be configured to perform the following management function: Disable Phone Hub.
2
Rule
Severity: Medium
The VMM must prevent unauthorized and unintended information transfer via shared system resources.
3
Rule
Severity: Medium
The Photon operating system must restrict access to the kernel message buffer.
1
Rule
Severity: High
The macOS system must ensure System Integrity Protection is enabled.
1
Rule
Severity: Low
Ubuntu 22.04 LTS must restrict access to the kernel message buffer.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.
1
Rule
Severity: Medium
Google Android 14 must be configured to not allow backup of all work profile applications to remote systems.
2
Rule
Severity: Medium
Google Android 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
2
Rule
Severity: Medium
Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.
2
Rule
Severity: Low
Google Android 15 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.
1
Rule
Severity: Medium
All containers must be restricted from acquiring additional privileges.
1
Rule
Severity: Medium
Host IPC namespace must not be shared.
1
Rule
Severity: Medium
SLEM 5 must restrict access to the kernel message buffer.
1
Rule
Severity: Medium
The sticky bit must be set on all SLEM 5 world-writable directories.
1
Rule
Severity: Medium
Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems.- Disable Data Sync Framework.
2
Rule
Severity: Medium
Samsung Android's Work profile must be configured to not allow backup of all applications, configuration data to remote systems.- Disable Data Sync Framework.
1
Rule
Severity: Medium
TOSS must prevent unauthorized and unintended information transfer via shared system resources.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud document and data synchronization).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Keychain).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (Cloud Photo Library).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (managed applications data stored in iCloud).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must not allow backup to remote systems (enterprise books).
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules