Convert the system to "Trusted Mode", if possible., CC ID: 01550
Configure the sadmind service to a higher Security level., CC ID: 01551
Find files and directories with extended attributes., CC ID: 01552
Configure all .rhosts files to be readable only by their owners., CC ID: 01557
Set the symlink /etc/hosts.equiv file to /dev/null., CC ID: 01558
Configure the default locking Screen saver timeout to a predetermined time period., CC ID: 01570
Configure the Security Center (Domain PCs only)., CC ID: 01967
Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount., CC ID: 04276
Configure the system to require a password before it unlocks the Screen saver software., CC ID: 04443
Disable proxy ARP on all interfaces., CC ID: 06570
Set the FileSpaceSwitch variable to an appropriate value., CC ID: 05445
Set the wakeup switchpoint frequency to an appropriate time interval., CC ID: 05446
Enable or disable the setuid option on removable storage media, as appropriate., CC ID: 05447
Configure TCP/IP PMTU Discovery, as appropriate., CC ID: 05991
Configure Secure Shell to enable or disable empty passwords, as appropriate., CC ID: 06016
Configure each user's Screen Saver Executable Name., CC ID: 06027
Configure the NIS+ server to operate at an appropriate security level., CC ID: 06038
Configure the "restrict guest access to system log" policy, as appropriate., CC ID: 06047
Configure the "Block saving of Open XML file types" setting, as appropriate., CC ID: 06048
Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards., CC ID: 06051
Configure the "Syskey mode" to organizational standards., CC ID: 06052
Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate., CC ID: 06056
Configure the "Allow Remote Shell Access" setting, as appropriate., CC ID: 06057
Configure the "Prevent the computer from joining a homegroup" setting, as appropriate., CC ID: 06058
Enable or disable the authenticator requirement after waking, as appropriate., CC ID: 06059
Enable or disable the standby states, as appropriate., CC ID: 06060
Configure the Trusted Platform Module startup options properly., CC ID: 06061
Configure the system to purge Policy Caches., CC ID: 06569
Separate authenticator files and application system data on different file systems., CC ID: 06790
Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit., CC ID: 06811
Configure the "all world-writable directories" user ownership to organizational standards., CC ID: 08714
Configure the "all rsyslog log" files group ownership to organizational standards., CC ID: 08715
Configure the "all rsyslog log" files user ownership to organizational standards., CC ID: 08716
Configure the "Executable stack" setting to organizational standards., CC ID: 08969
Configure the "smbpasswd executable" user ownership to organizational standards., CC ID: 08975
Configure the "traceroute executable" group ownership to organizational standards., CC ID: 08980
Configure the "traceroute executable" user ownership to organizational standards., CC ID: 08981
Configure the "Apache configuration" directory group ownership to organizational standards., CC ID: 08991
Configure the "Apache configuration" directory user ownership to organizational standards., CC ID: 08992
Configure the "/var/log/httpd/" file group ownership to organizational standards., CC ID: 09027
Configure the "/etc/httpd/conf.d" file group ownership to organizational standards., CC ID: 09028
Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards., CC ID: 09029
Configure the "/usr/sbin/apachectl" file group ownership to organizational standards., CC ID: 09030
Configure the "/usr/sbin/httpd" file group ownership to organizational standards., CC ID: 09031
Configure the "/var/www/html" file group ownership to organizational standards., CC ID: 09032
Configure the "log files" the "/var/log/httpd/" directory user ownership to organizational standards., CC ID: 09034
Configure the "/etc/httpd/conf.d" file ownership to organizational standards., CC ID: 09035
Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards., CC ID: 09036
Configure the "/usr/sbin/apachectl" file ownership to organizational standards., CC ID: 09037
Configure the "/usr/sbin/httpd" file ownership to organizational standards., CC ID: 09038
Configure the "/var/www/html" file ownership to organizational standards., CC ID: 09039
Configure the "httpd.conf" file user ownership to organizational standards., CC ID: 09055
Configure the "httpd.conf" group ownership to organizational standards., CC ID: 09056
Configure the "htpasswd" file user ownership to organizational standards., CC ID: 09058
Configure the "htpasswd" file group ownership to organizational standards., CC ID: 09059
Configure the "files specified by CustomLog" user ownership to organizational standards., CC ID: 09074
Configure the "files specified by CustomLog" group ownership to organizational standards., CC ID: 09075
Configure the "files specified by ErrorLog" user ownership to organizational standards., CC ID: 09076
Configure the "files specified by ErrorLog" group ownership to organizational standards., CC ID: 09077
Configure the "directories specified by ScriptAlias" user ownership to organizational standards., CC ID: 09079
Configure the "directories specified by ScriptAlias" group ownership to organizational standards., CC ID: 09080
Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards., CC ID: 09082
Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards., CC ID: 09083
Configure the "directories specified by DocumentRoot" user ownership to organizational standards., CC ID: 09085
Configure the "directories specified by DocumentRoot" group ownership to organizational standards., CC ID: 09086
Configure the "directories specified by Alias" user ownership to organizational standards., CC ID: 09088
Configure the "directories specified by Alias" group ownership to organizational standards., CC ID: 09089
Configure the "directories specified by ServerRoot" user ownership to organizational standards., CC ID: 09091
Configure the "directories specified by ServerRoot" group ownership to organizational standards., CC ID: 09092
Configure the "apache /bin" directory user ownership to organizational standards., CC ID: 09094
Configure the "apache /bin" directory group ownership to organizational standards., CC ID: 09095
Configure the "apache /logs" directory user ownership to organizational standards., CC ID: 09097
Configure the "apache /logs" directory group ownership to organizational standards., CC ID: 09098
Configure the "apache /htdocs" directory user ownership to organizational standards., CC ID: 09100
Configure the "apache /htdocs" directory group ownership to organizational standards., CC ID: 09101
Configure the "apache /cgi-bin" directory group ownership to organizational standards., CC ID: 09104
Configure the "User-specific directories" setting to organizational standards., CC ID: 09123
Configure the "apache process ID" file user ownership to organizational standards., CC ID: 09125
Configure the "apache process ID" file group ownership to organizational standards., CC ID: 09126
Configure the "apache scoreboard" file user ownership to organizational standards., CC ID: 09128
Configure the "apache scoreboard" file group ownership to organizational standards., CC ID: 09129
Configure the "Ownership of the asymmetric keys" setting to organizational standards., CC ID: 09289
Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards., CC ID: 09326
Configure the "SQLServerADHelperUser" registry key permissions to organizational standards., CC ID: 09329
Configure the "Tomcat home" directory user ownership to organizational standards., CC ID: 09772
Configure the "group" setting for the "Tomcat installation" to organizational standards., CC ID: 09773
Configure the "tomcat conf/" directory user ownership to organizational standards., CC ID: 09774
Configure the "tomcat conf/" directory group ownership to organizational standards., CC ID: 09775
Configure the "tomcat-users.xml" file user ownership to organizational standards., CC ID: 09776
Configure the "tomcat-users.xml" file group ownership to organizational standards., CC ID: 09777
Configure the "group membership" setting for "Tomcat" to organizational standards., CC ID: 09793
Configure the "Tomcat home" directory group ownership to organizational standards., CC ID: 09798
Configure the "Tomcat home/conf/" directory user ownership to organizational standards., CC ID: 09800
Configure the "Tomcat home/conf/" directory group ownership to organizational standards., CC ID: 09801
Configure the "system" files permissions to organizational standards., CC ID: 09922
Configure the "size limit" setting for the "application log" to organizational standards., CC ID: 10063
Configure the "restrict guest access to security log" setting to organizational standards., CC ID: 10064
Configure the "size limit" setting for the "system log" to organizational standards., CC ID: 10065
Configure the "Automatic Update service" setting to organizational standards., CC ID: 10066
Configure the "Safe DLL Search Mode" setting to organizational standards., CC ID: 10067
Configure the "screensaver" setting to organizational standards., CC ID: 10068
Configure the "screensaver" setting for the "default" user to organizational standards., CC ID: 10069
Configure the "Enable User Control Over Installs" setting to organizational standards., CC ID: 10070
Configure the "Enable User to Browse for Source While Elevated" setting to organizational standards., CC ID: 10071
Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards., CC ID: 10072
Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards., CC ID: 10073
Configure the "Enable User to Patch Elevated Products" setting to organizational standards., CC ID: 10074
Configure the "Cache Transforms in Secure Location" setting to organizational standards., CC ID: 10075
Configure the "Disable Media Player for automatic updates" setting to organizational standards., CC ID: 10076
Configure the "Internet access for Windows Messenger" setting to organizational standards., CC ID: 10077
Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards., CC ID: 10078
Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards., CC ID: 10079
Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards., CC ID: 10080
Configure "Set time limit for disconnected sessions" to organizational standards., CC ID: 10081
Configure the "Set time limit for idle sessions" setting to organizational standards., CC ID: 10082
Configure the "Enable Keep-Alive Messages" setting to organizational standards., CC ID: 10083
Configure the "Automatic Updates detection frequency" setting to organizational standards., CC ID: 10084
Configure the "TCPMaxPortsExhausted" setting to organizational standards., CC ID: 10085
Configure the "built-in Administrator" account to organizational standards., CC ID: 10086
Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards., CC ID: 10087
Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards., CC ID: 10088
Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards., CC ID: 10089
Configure the "warning level" setting for the "audit log" to organizational standards., CC ID: 10090
Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards., CC ID: 10091
Configure the "account description" setting for the "built-in Administrator" account to organizational standards., CC ID: 10092
Configure the "Decoy Admin Account Not Disabled" setting to organizational standards., CC ID: 10201
Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards., CC ID: 10202
Configure the "password filtering DLL" setting to organizational standards., CC ID: 10203
Configure the "Anonymous access to the registry" setting to organizational standards., CC ID: 10204
Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards., CC ID: 10205
Configure the "CD-ROM Autorun" setting to organizational standards., CC ID: 10206
Configure the "ResetBrowser Frames" setting to organizational standards., CC ID: 10207
Configure the "Dr. Watson Crash Dumps" setting to organizational standards., CC ID: 10208
Configure the "File System Checker and Popups" setting to organizational standards., CC ID: 10209
Configure the "System File Checker" setting to organizational standards., CC ID: 10210
Configure the "System File Checker Progress Meter" setting to organizational standards., CC ID: 10211
Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards., CC ID: 10212
Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards., CC ID: 10213
Configure the "Protect Kernel object attributes" setting to organizational standards., CC ID: 10214
Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards., CC ID: 10215
Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards., CC ID: 10216
Configure the "Local volumes" setting to organizational standards., CC ID: 10217
Configure the "Unused USB Ports" setting to organizational standards., CC ID: 10218
Configure the "Set Safe for Scripting" setting to organizational standards., CC ID: 10219
Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards., CC ID: 10220
Configure the "Membership in the Power Users group" setting to organizational standards., CC ID: 10224
Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards., CC ID: 10225
Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards., CC ID: 10226
Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards., CC ID: 10227
Configure the "Syskey Encryption Key location and password method" setting to organizational standards., CC ID: 10228
Configure the "Os2LibPath environmental variable" setting to organizational standards., CC ID: 10229
Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards., CC ID: 10230
Configure the "location of the OS/2 subsystem" setting to organizational standards., CC ID: 10231
Configure the "location of the POSIX subsystem" setting to organizational standards., CC ID: 10232
Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards., CC ID: 10234
Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards., CC ID: 10235
Configure the "encryption algorithm" setting for "EFS" to organizational standards., CC ID: 10236
Configure the "Interix Subsystem Startup service startup type" setting to organizational standards., CC ID: 10238
Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards., CC ID: 10247
Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards., CC ID: 10248
Configure the "fDisableCdm" setting to organizational standards., CC ID: 10259
Configure the "fDisableClip" setting to organizational standards., CC ID: 10260
Configure the "Inheritance of the shadow setting" setting to organizational standards., CC ID: 10261
Configure the "remote control configuration" setting to organizational standards., CC ID: 10262
Configure the "fDisableCam" setting to organizational standards., CC ID: 10263
Configure the "fDisableCcm" setting to organizational standards., CC ID: 10264
Configure the "fDisableLPT" setting to organizational standards., CC ID: 10265
Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards., CC ID: 10691
Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards., CC ID: 10694
Configure the "Administratively assigned offline files" setting to organizational standards., CC ID: 10695
Configure the "Apply policy to removable media" setting to organizational standards., CC ID: 10756
Configure the "Baseline file cache maximum size" setting to organizational standards., CC ID: 10763
Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards., CC ID: 10770
Configure the "Check published state" setting to organizational standards., CC ID: 10771
Configure the "Communities" setting to organizational standards., CC ID: 10772
Configure the "Computer location" setting to organizational standards., CC ID: 10773
Configure the "Background Sync" setting to organizational standards., CC ID: 10775
Configure the "Corporate Windows Error Reporting" setting to organizational standards., CC ID: 10777
Configure the "Corrupted File Recovery Behavior" setting to organizational standards., CC ID: 10778
Configure the "Default consent" setting to organizational standards., CC ID: 10780
Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards., CC ID: 10792
Configure the "Microsoft SpyNet Reporting" setting to organizational standards., CC ID: 10794
Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards., CC ID: 10795
Configure the "Reliability WMI Providers" setting to organizational standards., CC ID: 10804
Configure the "Report Archive" setting to organizational standards., CC ID: 10805
Configure the "Report Queue" setting to organizational standards., CC ID: 10806
Configure the "root certificate clean up" setting to organizational standards., CC ID: 10807
Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards., CC ID: 10816
Configure the "list of blocked TPM commands" setting to organizational standards., CC ID: 10822
Configure the "refresh interval for Server Manager" setting to organizational standards., CC ID: 10823
Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards., CC ID: 10824
Configure the "Customize consent settings" setting to organizational standards., CC ID: 10837
Configure the "Default behavior for AutoRun" setting to organizational standards., CC ID: 10839
Configure the "Define Activation Security Check exemptions" setting to organizational standards., CC ID: 10841
Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards., CC ID: 10842
Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards., CC ID: 10843
Configure the "Delay Restart for scheduled installations" setting to organizational standards., CC ID: 10844
Configure the "Delete cached copies of roaming profiles" setting to organizational standards., CC ID: 10845
Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards., CC ID: 10847
Configure the "Diagnostics: Configure scenario retention" setting to organizational standards., CC ID: 10857
Configure the "Directory pruning interval" setting to organizational standards., CC ID: 10858
Configure the "Directory pruning priority" setting to organizational standards., CC ID: 10859
Configure the "Directory pruning retry" setting to organizational standards., CC ID: 10860
Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards., CC ID: 10882
Configure the "Display Shutdown Event Tracker" setting to organizational standards., CC ID: 10888
Configure the "Display string when smart card is blocked" setting to organizational standards., CC ID: 10889
Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards., CC ID: 10924
Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards., CC ID: 10925
Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards., CC ID: 10932
Configure the "Do not send additional data" machine setting to organizational standards., CC ID: 10934
Configure the "Domain Controller Address Type Returned" setting to organizational standards., CC ID: 10939
Configure the "Domain Location Determination URL" setting to organizational standards., CC ID: 10940
Configure the "Don't set the always do this checkbox" setting to organizational standards., CC ID: 10941
Configure the "Download missing COM components" setting to organizational standards., CC ID: 10942
Configure the "Dynamic Update" setting to organizational standards., CC ID: 10944
Configure the "Enable client-side targeting" setting to organizational standards., CC ID: 10946
Configure the "Enable NTFS pagefile encryption" setting to organizational standards., CC ID: 10948
Configure the "Enable Persistent Time Stamp" setting to organizational standards., CC ID: 10949
Configure the "Enable Transparent Caching" setting to organizational standards., CC ID: 10950
Configure the "Enable Windows NTP Client" setting to organizational standards., CC ID: 10951
Configure the "Enable Windows NTP Server" setting to organizational standards., CC ID: 10952
Configure the "Encrypt the Offline Files cache" setting to organizational standards., CC ID: 10955
Configure the "Enforce upgrade component rules" setting to organizational standards., CC ID: 10958
Configure the "Events.asp program" setting to organizational standards., CC ID: 10959
Configure the "Events.asp program command line parameters" setting to organizational standards., CC ID: 10960
Configure the "Events.asp URL" setting to organizational standards., CC ID: 10961
Configure the "Exclude credential providers" setting to organizational standards., CC ID: 10962
Configure the "Exclude files from being cached" setting to organizational standards., CC ID: 10963
Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards., CC ID: 10968
Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards., CC ID: 10973
Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards., CC ID: 10974
Configure the "Force Rediscovery Interval" setting to organizational standards., CC ID: 10975
Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards., CC ID: 10976
Configure the "Force the reading of all certificates from the smart card" setting to organizational standards., CC ID: 10977
Configure the "ForwarderResourceUsage" setting to organizational standards., CC ID: 10978
Configure the "Global Configuration Settings" setting to organizational standards., CC ID: 10979
Configure the "Hash Publication for BranchCache" setting to organizational standards., CC ID: 10986
Configure the "Hide entry points for Fast User Switching" setting to organizational standards., CC ID: 10987
Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards., CC ID: 10988
Configure the "Hide previous versions list for local files" setting to organizational standards., CC ID: 10989
Configure the "Hide previous versions of files on backup location" setting to organizational standards., CC ID: 10991
Configure the "Ignore custom consent settings" setting to organizational standards., CC ID: 10992
Configure the "Ignore Delegation Failure" setting to organizational standards., CC ID: 10993
Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards., CC ID: 10994
Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards., CC ID: 10995
Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards., CC ID: 10996
Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards., CC ID: 10997
Configure the "IP-HTTPS State" setting to organizational standards., CC ID: 11000
Configure the "ISATAP Router Name" setting to organizational standards., CC ID: 11001
Configure the "ISATAP State" setting to organizational standards., CC ID: 11002
Configure the "License server security group" setting to organizational standards., CC ID: 11005
Configure the "List of applications to be excluded" setting to organizational standards., CC ID: 11023
Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards., CC ID: 11025
Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards., CC ID: 11039
Configure the "MaxConcurrentUsers" setting to organizational standards., CC ID: 11040
Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards., CC ID: 11041
Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards., CC ID: 11045
Configure the "Negative DC Discovery Cache Setting" setting to organizational standards., CC ID: 11047
Configure the "Non-conforming packets" setting to organizational standards., CC ID: 11053
Configure the "Notify blocked drivers" setting to organizational standards., CC ID: 11054
Configure the "Notify user of successful smart card driver installation" setting to organizational standards., CC ID: 11055
Configure the "Permitted Managers" setting to organizational standards., CC ID: 11062
Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards., CC ID: 11063
Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards., CC ID: 11064
Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards., CC ID: 11098
Configure the "Prompt for credentials on the client computer" setting to organizational standards., CC ID: 11108
Configure the "Propagation of extended error information" setting to organizational standards., CC ID: 11110
Configure the "Register PTR Records" setting to organizational standards., CC ID: 11121
Configure the "Registration Refresh Interval" setting to organizational standards., CC ID: 11122
Configure the "Remove Program Compatibility Property Page" setting to organizational standards., CC ID: 11128
Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards., CC ID: 11129
Configure the "Remove Windows Security item from Start menu" setting to organizational standards., CC ID: 11130
Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards., CC ID: 11131
Configure the "Require secure RPC communication" setting to organizational standards., CC ID: 11134
Configure the "Require strict KDC validation" setting to organizational standards., CC ID: 11135
Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards., CC ID: 11148
Configure the "RPC Troubleshooting State Information" setting to organizational standards., CC ID: 11150
Configure the "Run shutdown scripts visible" setting to organizational standards., CC ID: 11152
Configure the "Run startup scripts asynchronously" setting to organizational standards., CC ID: 11153
Configure the "Run startup scripts visible" setting to organizational standards., CC ID: 11154
Configure the "Scavenge Interval" setting to organizational standards., CC ID: 11158
Configure the "Server Authentication Certificate Template" setting to organizational standards., CC ID: 11170
Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards., CC ID: 11172
Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards., CC ID: 11173
Configure the "Set compression algorithm for RDP data" setting to organizational standards., CC ID: 11174
Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards., CC ID: 11177
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards., CC ID: 11178
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards., CC ID: 11180
Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards., CC ID: 11184
Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards., CC ID: 11186
Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards., CC ID: 11189
Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards., CC ID: 11191
Configure the "Set the SMTP Server used to send notifications" setting to organizational standards., CC ID: 11192
Configure the "Set timer resolution" setting to organizational standards., CC ID: 11196
Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards., CC ID: 11199
Configure the "Short name creation options" setting to organizational standards., CC ID: 11200
Configure the "Site Name" setting to organizational standards., CC ID: 11201
Configure the "Specify a default color" setting to organizational standards., CC ID: 11208
Configure the "Specify idle Timeout" setting to organizational standards., CC ID: 11210
Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards., CC ID: 11211
Configure the "Specify maximum number of processes per Shell" setting to organizational standards., CC ID: 11212
Configure the "Specify Shell Timeout" setting to organizational standards., CC ID: 11216
Configure the "Specify Windows installation file location" setting to organizational standards., CC ID: 11225
Configure the "Specify Windows Service Pack installation file location" setting to organizational standards., CC ID: 11226
Configure the "SSL Cipher Suite Order" setting to organizational standards., CC ID: 11227
Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards., CC ID: 11230
Configure the "Sysvol share compatibility" setting to organizational standards., CC ID: 11231
Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards., CC ID: 11232
Configure the "Teredo Client Port" setting to organizational standards., CC ID: 11236
Configure the "Teredo Default Qualified" setting to organizational standards., CC ID: 11237
Configure the "Teredo Refresh Rate" setting to organizational standards., CC ID: 11238
Configure the "Teredo Server Name" setting to organizational standards., CC ID: 11239
Configure the "Teredo State" setting to organizational standards., CC ID: 11240
Configure the "Time (in seconds) to force reboot" setting to organizational standards., CC ID: 11242
Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards., CC ID: 11243
Configure the "Timeout for fast user switching events" setting to organizational standards., CC ID: 11244
Configure the "Traps for public community" setting to organizational standards., CC ID: 11246
Configure the "Trusted Hosts" setting to organizational standards., CC ID: 11249
Configure the "Try Next Closest Site" setting to organizational standards., CC ID: 11250
Configure the "TTL Set in the A and PTR records" setting to organizational standards., CC ID: 11251
Configure the "Turn on Accounting for WSRM" setting to organizational standards., CC ID: 11333
Configure the "Turn on BranchCache" setting to organizational standards., CC ID: 11334
Configure the "Turn on certificate propagation from smart card" setting to organizational standards., CC ID: 11335
Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards., CC ID: 11336
Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards., CC ID: 11337
Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards., CC ID: 11338
Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards., CC ID: 11339
Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards., CC ID: 11342
Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards., CC ID: 11346
Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards., CC ID: 11347
Configure the "Turn on root certificate propagation from smart card" setting to organizational standards., CC ID: 11349
Configure the "Turn on Software Notifications" setting to organizational standards., CC ID: 11352
Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards., CC ID: 11356
Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards., CC ID: 11359
Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards., CC ID: 11360
Configure the "Use IP Address Redirection" setting to organizational standards., CC ID: 11361
Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards., CC ID: 11362
Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards., CC ID: 11363
Configure the "Verbose vs normal status messages" setting to organizational standards., CC ID: 11368
Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards., CC ID: 11369
Configure the "Windows Scaling Heuristics State" setting to organizational standards., CC ID: 11372
Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards., CC ID: 11375
Configure the "display a banner before authentication" setting for "LightDM" to organizational standards., CC ID: 11385
Configure the "shadow" group to organizational standards., CC ID: 11386
Configure the "AppArmor" setting to organizational standards., CC ID: 11387
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Information system assets should be adequately protected from unauthorised access, misuse or fraudulent modification, insertion, deletion, substitution, suppression or disclosure. (§ 4.1.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
The FI should configure IT systems and devices with security settings that are consistent with the expected level of protection. The FI should establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise … (§ 9.3.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
If using remote access without the use of a passphrase, the 'forced command' option is used to specify what command is executed and parameter checking is enabled. (Security Control: 0488; Revision: 3, Australian Government Information Security Manual)
Device access control software is implemented on workstations and servers to prevent unauthorised devices from being connected. (Security Control: 1418; Revision: 2, Australian Government Information Security Manual)
When using infrared keyboards, infrared ports are positioned to prevent line of sight and reflected communications travelling into an unsecured space. (Security Control: 0222; Revision: 2, Australian Government Information Security Manual)
The procedures for reviewing user accounts, system parameters, and access controls should be included in the Standard Operating Procedures for the information technology security officer. (Control: 0790 Table Row "System integrity audit", Australian Government Information Security Manual: Controls)
The organization must configure the Database Management System software to run as a separate account with the least amount of privileges needed. (Control: 1249, Australian Government Information Security Manual: Controls)
The organization must store particularly sensitive information in a database only when it is absolutely necessary to meet the business requirements. (Control: 1253, Australian Government Information Security Manual: Controls)
The organization should deny users the ability to disable the screen locking mechanism or session locking mechanism, for systems classified below top secret. (Control: 0427 Bullet 6, Australian Government Information Security Manual: Controls)
The organization must deny users the ability to disable the screen locking mechanism or session locking mechanism, for top secret systems. (Control: 0428 Bullet 6, Australian Government Information Security Manual: Controls)
The organization should use parameter checking when it uses the 'forced command' option for remote access. (Control: 0997, Australian Government Information Security Manual: Controls)
The organization must prevent users from disabling the security functions on mobile devices once it has been issued to them. (Control: 0864, Australian Government Information Security Manual: Controls)
The organization should apply Two-Person Control to extremely sensitive Information Technology assets, e.g., Personal Identification Number generation and encryption keys. (¶ 44(k), APRA Prudential Practice Guide 234: Management of security risk in information and information technology)
High-risk AI systems shall be resilient as regards attempts by unauthorised third parties to alter their use or performance by exploiting the system vulnerabilities. (Article 15 4. ¶ 1, Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts)
Security parameters on the network, operating system (host and guest), database and application level (where relevant to the cloud service) are configured appropriately to avoid unauthorised access. If no two-factor authentication or use of one-time passwords is possible, the use of secure passwords… (Section 5.7 IDM-11 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
Interview System Administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (§ 2.2.3.a, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
Verify that common security parameter settings are included in the system configuration standards. (§ 2.2.3.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
For a sample of system components, verify that common security parameters are set appropriately. (§ 2.2.3.c, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
Verify the system configuration standards include procedures for configuring the system security parameters to prevent misuse. (Testing Procedures § 2.2.d Bullet 5, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
The organization must ensure all system security parameters are configured to prevent misuse. (§ 2.2.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (§ 2.2.3.a Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
Verify that common security parameter settings are included in the system configuration standards. (§ 2.2.3.b Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
For a sample of system components, verify that common security parameters are set appropriately. (§ 2.2.3.c Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
All insecure required services, protocols, and daemons must have additional security features implemented, such as using secured technologies to protect the insecure services. (PCI DSS Requirements § 2.2.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
System security parameters must be configured to prevent misuse. (PCI DSS Requirements § 2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Are common system security parameters settings included in the system configuration standards? (2.2.4 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are common system security parameters settings included in the system configuration standards? (2.2.4 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
Examine the system configuration standards to verify that common security parameter settings are included. (2.2.4.b, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
Select a sample of system components and inspect the common security parameters to verify that they are set appropriately and in accordance with the configuration standards. (2.2.4.c, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (2.2.4.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
System security parameters are configured to prevent misuse. (2.2.6, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Examine system configuration standards to verify they include configuring system security parameters to prevent misuse. (2.2.6.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Examine system configurations to verify that common security parameters are set appropriately and in accordance with the system configuration standards. (2.2.6.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
Client workstations should be configured with a non-persistent virtualized operating environment that can be easily and quickly restored periodically. (Critical Control 2.9, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
The organization should configure the wireless clients that handle organizational data or access the organization's networks so they cannot connect to public wireless networks, except for those specifically allowed. (Critical Control 7.16, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement. (CIS Control 9: Email and Web Browser Protections, CIS Controls, V8)
Protection Against Malicious Code. Users need to be aware that malicious code may be introduced into their environment through network connections. Malicious code may not be detected before damage is done unless suitable safeguards are implemented. Malicious code may result in compromise of security… (¶ 13.6, ISO 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security, 2001)
The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed. (§ 15.10, § J.10, ISO 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008)
SL 3 - Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation. (8.1 ¶ 1 Bullet 3, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
The Information Assurance Officer should regularly scan the security posture of the system to identify potential security weaknesses. Waiting for security violations to occur and reacting to them is not adequate. ACLs can be used to grant or deny access to objects based on security groups (users, us… (§ 2.1, § 5.6, § 5.6.4, Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2, 28 August 2006)
The information assurance officer or network security officer must ensure that all access ports are started in the unauthorized state, when 802.1x port authentication is implemented. (§ 3.4.1.3.3 ¶ AC34.045, DISA Access Control STIG, Version 2, Release 3)
The information assurance officer or network security officer must ensure re-authentication occurs every 60 minutes, when 802.1x port authentication is implemented. (§ 3.4.1.3.3 ¶ AC34.050, DISA Access Control STIG, Version 2, Release 3)
The information assurance officer or network security officer must ensure that if Network Access Control is used, all ports are put into an untrusted state that is not inside the normal forwarding path. (§ 3.4.1.4 ¶ AC34.031, DISA Access Control STIG, Version 2, Release 3)
The System Administrator must ensure security measures have been implemented to prevent security incidents from occurring. (§ 3.2, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
§ 2.2 (WIR3250) Configure a filter on the GMI server to block the download of prohibited file types. Ensure that all required wireless email servers and device configuration settings are implemented.
§ 3.15.2 Prohibited file types must be blocked from being downloaded on to the smartphone, includi… (§ 2.2 (WIR3250), § 3.15.2, App B.2 Row "Site Access/URL Substitutions", DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3)
Authorizations to information contained in an object must be revoked before initial assignment, allocation, or reallocation to a subject from the pool of unused objects. (ECRC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
Information, including encrypted representations, that is produced by a prior subject's actions must not be available to any subject that gains access to an object that was released back to the system. (ECRC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
Use of internal tools to detect, identify, and prevent misuse by entity personnel. (App A Objective 13:3h Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
The system boot settings or initialization files must be password-protected. (Exhibit 8 Control 13, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
Build, install, configure, and test dedicated cyber defense hardware. (T0335, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
The organization should prevent the gradual release of unauthorized information over the managed interfaces. (SG.SC-7 Additional Considerations A2, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
The smart grid Information System should fail securely when the boundary protection device has an operational failure. (SG.SC-7 Additional Considerations A6, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
The smart grid Information System should prevent users from bypassing the host-based intrusion detection and prevention capabilities. (SG.SI-4 Additional Considerations A6, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
Build, install, configure, and test dedicated cyber defense hardware. (T0335, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure. (1798.91.04 (a)(3), California Civil Code Division 3 Part 4 Title 1.81.26 Security of Connected Devices)