CCI-001812
The information system prohibits user installation of software without explicit privileged status.
4 rules found Severity: Medium
A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.
1 rule found Severity: Medium
A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set.
1 rule found Severity: Medium
1 rule found Severity: Medium
DB2 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
6 rules found Severity: Medium
SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
2 rules found Severity: Medium
Tanium must prohibit user installation of software without explicit privileged status and enforce access restrictions associated with changes to application configuration.
1 rule found Severity: Medium
The Tanium application must prohibit user installation of software without explicit privileged status.
4 rules found Severity: Medium
MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
3 rules found Severity: Medium
PostgreSQL must prohibit user installation of logic modules (functions, trigger procedures, views, etc.) without explicit privileged status.
2 rules found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.
1 rule found Severity: High
The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
2 rules found Severity: Medium
The programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.
1 rule found Severity: Medium
The commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.
1 rule found Severity: Medium
PostgreSQL must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and prohibit user installation of system software without explicit privileged status.
1 rule found Severity: Medium
The Juniper EX switch must be configured to prohibit installation of software without explicit privileged status.
1 rule found Severity: Medium
Least privilege access and need to know must be required to access MKE runtime and instantiate container images.
1 rule found Severity: High
Azure SQL Database must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
2 rules found Severity: High
1 rule found Severity: High
The MySQL Database Server 8.0 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
Redis Enterprise DBMS must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
Forescout must prohibit installation of software without explicit privileged permission by only authorized individuals.
1 rule found Severity: Medium
The Juniper router must be configured to prohibit installation of software without explicit privileged status.
1 rule found Severity: Medium
The Juniper SRX Services Gateway must implement logon roles to ensure only authorized roles are allowed to install software and updates.
1 rule found Severity: Medium
MariaDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
1 rule found Severity: Medium
2 rules found Severity: High
1 rule found Severity: Medium
Windows Server 2019 must disable the Windows Installer Always install with elevated privileges option.
1 rule found Severity: High
1 rule found Severity: Medium
Windows Server 2022 must disable the Windows Installer Always install with elevated privileges option.
1 rule found Severity: High
Rancher RKE2 must prohibit the installation of patches, updates, and instantiation of container images without explicit privileged status.
1 rule found Severity: Medium
The NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.
1 rule found Severity: High
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
1 rule found Severity: High