CCI-002824
Implement organization-defined controls to protect its memory from unauthorized code execution.
30
Rule
Severity: Medium
Restrict Exposed Kernel Pointer Addresses Access
30
Rule
Severity: Medium
Enable Randomized Layout of Virtual Address Space
16
Rule
Severity: Medium
Enable NX or XD Support in the BIOS
2
Rule
Severity: High
The application must not be vulnerable to overflow attacks.
2
Rule
Severity: Medium
The Mainframe Product must implement security safeguards to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
Nutanix AOS must implement nonexecutable data to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
Nutanix AOS must implement address space layout randomization to protect its memory from unauthorized code execution.
2
Rule
Severity: High
The configuration integrity of the container platform must be ensured and runtime policies must be configured.
1
Rule
Severity: Medium
The Ubuntu operating system must implement non-executable data to protect its memory from unauthorized code execution.
3
Rule
Severity: Medium
The Ubuntu operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
The Ubuntu operating system must implement nonexecutable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
The container platform must implement organization-defined security safeguards to protect system CPU and memory from resource depletion and unauthorized code execution.
2
Rule
Severity: Medium
The operating system must implement non-executable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
The operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
AIX must set Stack Execution Disable (SED) system wide mode to all.
4
Rule
Severity: High
Data Execution Prevention (DEP) must be configured to at least OptOut.
4
Rule
Severity: High
Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.
6
Rule
Severity: Medium
Explorer Data Execution Prevention must be enabled.
2
Rule
Severity: Medium
Windows Server 2019 Explorer Data Execution Prevention must be enabled.
2
Rule
Severity: Medium
Windows Server 2022 Explorer Data Execution Prevention must be enabled.
2
Rule
Severity: Medium
Windows Server 2022 lock pages in memory user right must not be assigned to any groups or accounts.
2
Rule
Severity: Medium
The Oracle Linux operating system must implement virtual address space randomization.
2
Rule
Severity: Medium
OL 8 must implement non-executable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
OL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
OpenShift must protect against or limit the effects of all types of Denial-of-Service (DoS) attacks by defining resource quotas on a namespace.
2
Rule
Severity: Medium
Red Hat Enterprise Linux CoreOS (RHCOS) must implement nonexecutable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
Red Hat Enterprise Linux CoreOS (RHCOS) must implement ASLR (Address Space Layout Randomization) from unauthorized code execution.
2
Rule
Severity: Medium
RHEL 8 must implement non-executable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
RHEL 9 must clear SLUB/SLAB objects to prevent use-after-free attacks.
2
Rule
Severity: Low
RHEL 9 must enable mitigations against processor-based vulnerabilities.
2
Rule
Severity: Medium
RHEL 9 must restrict exposed kernel pointer addresses access.
2
Rule
Severity: Medium
RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
RHEL 9 must implement nonexecutable data to protect its memory from unauthorized code execution.
4
Rule
Severity: Medium
The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.
4
Rule
Severity: Medium
Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.
2
Rule
Severity: Medium
The VMM must implement non-executable data to protect its memory from unauthorized code execution.
2
Rule
Severity: Medium
The VMM must implement address space layout randomization to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
3
Rule
Severity: Medium
The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement address space layout randomization to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement nonexecutable data to protect its memory from unauthorized code execution.
1
Rule
Severity: Medium
CPU priority must be set appropriately on all containers.
1
Rule
Severity: Medium
Address space layout randomization (ASLR) must be implemented by SLEM 5 to protect memory from unauthorized code execution.
1
Rule
Severity: Medium
SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel addresses.
1
Rule
Severity: Medium
TOSS must implement non-executable data to protect its memory from unauthorized code execution.