Description
Reboot the system and enter the BIOS or Setup configuration menu.
Navigate the BIOS configuration menu and make sure that the option is enabled. The setting may be located
under a Security section. Look for Execute Disable (XD) on Intel-based systems and No Execute (NX)
on AMD-based systems.
Rationale
Computers with the ability to prevent this type of code execution frequently put an option in the BIOS that will
allow users to turn the feature on or off at will.
- ID
xccdf_org.ssgproject.content_rule_bios_enable_execution_restrictions
- References
CSC: Critical Security Controls
COBIT®: Control Objectives for Information and Related Technologies
SP 800-171 Rev. 1: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
CCI: Control Correlation Identifier
ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels
NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations
Framework for Improving Critical Infrastructure Cybersecurity
PCI DSS v4: Payment Card Industry Data Security Standard
GPOS SRG: General Purpose Operating System Security Requirements Guide
App SRG: Application Server Security Requirements Guide