
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-000318

Definition

Monitor and review activities associated with configuration-controlled changes to the system.

Parent Control

CM-3: Configuration Change Control (Configuration Management)

Linked STIG Checks (13)

  • V-204479 (CAT II): The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204488 (CAT II): The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204501 (CAT II): The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204575 (CAT II): The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204598 (CAT II): The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204599 (CAT II): The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204621 (CAT I): The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.
    STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-803 (CAT II): The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to authorized setuid files.
    STIG: SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-804 (CAT II): The system must be checked weekly for unauthorized setgid files as well as unauthorized modification to authorized setgid files.
    STIG: SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-923 (CAT III): The system must be checked for extraneous device files at least weekly.
    STIG: SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-230186 (CAT II): An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor).
    STIG: z/OS Front End Processor for ACF2 Security Technical Implementation Guide
  • V-224486 (CAT II): An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor).
    STIG: z/OS Front End Processor for RACF Security Technical Implementation Guide
  • V-224723 (CAT II): An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor).
    STIG: zOS Front End Processor for TSS Security Technical Implementation Guide