Skip to content
ATO Pathways
  Log In

CCI-001233

The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.

Logo
29

Rule

Severity: Medium
Install the Host Intrusion Prevention System (HIPS) Module
Logo
2

Rule

Severity: Medium
Flaw remediation Tanium applications must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
The Tanium application must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
The Tanium application must employ automated mechanisms to determine the state of information system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
The macOS system must utilize an ESS solution and implement all DoD required modules.
Logo
3

Rule

Severity: Medium
The macOS system must use an Endpoint Security Solution (ESS) and implement all DOD required modules.
Logo
1

Rule

Severity: Medium
The macOS system must employ automated mechanisms to determine the state of system components.
Logo
1

Rule

Severity: Medium
The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).
Logo
1

Rule

Severity: Low
The Ubuntu operating system must deploy Endpoint Security for Linux Threat Prevention (ENSLTP).
Logo
1

Rule

Severity: Medium
The operating system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, 30 days, and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
Windows 10 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
2

Rule

Severity: Medium
Windows Server 2016 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
Windows Server 2019 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.
Logo
1

Rule

Severity: Medium
The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool.
Logo
1

Rule

Severity: Medium
The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.
Logo
1

Rule

Severity: Medium
RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.
Logo
2

Rule

Severity: Medium
The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool.
Logo
1

Rule

Severity: Medium
The VMM must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where HBSS is used; 30 days, for any additional internal network scans not covered by HBSS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Logo
1

Rule

Severity: Medium
SLEM 5 must implement an endpoint security tool.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules