STIGhub

CCI-001814

Definition

The Information system supports auditing of the enforcement actions.

Parent Control

CM-5 (1): Access Restrictions for Change (Configuration Management)

Linked STIG Checks (81)

Vuln ID | Severity | Requirement | STIG

  • V-222997 | CAT II | AccessLogValve must be configured for Catalina engine. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
  • V-252472 | CAT II | The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
  • V-257178 | CAT II | The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
  • V-222512 | CAT II | The application must audit who makes configuration changes to the application. | Application Security and Development Security Technical Implementation Guide
  • V-237323 | CAT I | The ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-219225 | CAT II | The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-260590 | CAT II | Ubuntu 22.04 LTS must have the "auditd" package installed. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-260591 | CAT II | Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-261925 | CAT II | PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s). | Crunchy Data Postgres 16 Security Technical Implementation Guide
  • V-255572 | CAT II | The DBN-6300 must audit the enforcement actions used to restrict access associated with changes to the device. | DBN-6300 NDM Security Technical Implementation Guide
  • V-235778 | CAT II | The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-235779 | CAT II | The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-235831 | CAT II | An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR). | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-224136 | CAT II | The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events. | EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
  • V-213627 | CAT II | The EDB Postgres Advanced Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
  • V-217416 | CAT II | The BIG-IP appliance must be configured to audit the enforcement actions used to restrict access associated with changes to the device. | F5 BIG-IP Device Management Security Technical Implementation Guide
  • V-266068 | CAT II | The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
  • V-230948 | CAT III | Forescout must audit the enforcement actions used to restrict access associated with changes to the device. | Forescout Network Device Management Security Technical Implementation Guide
  • V-266908 | CAT II | AOS must automatically audit account creation. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
  • V-215291 | CAT II | AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions. | IBM AIX 7.x Security Technical Implementation Guide
  • V-215314 | CAT II | AIX must be configured to use syslogd to log events by TCPD. | IBM AIX 7.x Security Technical Implementation Guide
  • V-215334 | CAT I | AIX must disable trivial file transfer protocol. | IBM AIX 7.x Security Technical Implementation Guide
  • V-213725 | CAT II | DB2 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of DB2 or database(s). | IBM DB2 V10.5 LUW Security Technical Implementation Guide
  • V-65161 | CAT II | The DataPower Gateway must audit the enforcement actions used to restrict access associated with changes to the device. | IBM DataPower Network Device Management Security Technical Implementation Guide
  • V-255823 | CAT II | The WebSphere Application Server audit event type filters must be configured. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-213543 | CAT II | Production JBoss servers must log when failed application deployments occur. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
  • V-213544 | CAT II | Production JBoss servers must log when successful application deployments occur. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
  • V-213874 | CAT II | SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s). | MS SQL Server 2014 Instance Security Technical Implementation Guide
  • V-213989 | CAT II | SQL Server must produce audit records when attempts to modify SQL Server configuration and privileges occur within the database(s). | MS SQL Server 2016 Instance Security Technical Implementation Guide
  • V-253733 | CAT II | MariaDB must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s). | MariaDB Enterprise 10.x Security Technical Implementation Guide
  • V-220383 | CAT II | MarkLogic Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s). | MarkLogic Server v9 Security Technical Implementation Guide
  • V-255345 | CAT II | Azure SQL Database must produce audit records of its enforcement of access restrictions associated with changes to the configuration of Azure SQL Database(s). | Microsoft Azure SQL Database Security Technical Implementation Guide
  • V-276310 | CAT II | Azure SQL Managed Instance must produce audit records of its enforcement of access restrictions associated with changes to the configuration of Azure SQL Managed Instance or database(s). | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
  • V-228402 | CAT II | Exchange software must be monitored for unauthorized changes. | Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
  • V-259634 | CAT II | The Exchange local machine policy must require signed scripts. | Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
  • V-259701 | CAT II | Exchange software must be monitored for unauthorized changes. | Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
  • V-220753 | CAT II | The system must be configured to audit Detailed Tracking - PNP Activity successes. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-220754 | CAT II | The system must be configured to audit Detailed Tracking - Process Creation successes. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-253311 | CAT II | The system must be configured to audit Detailed Tracking - PNP Activity successes. | Microsoft Windows 11 Security Technical Implementation Guide
  • V-253312 | CAT II | The system must be configured to audit Detailed Tracking - Process Creation successes. | Microsoft Windows 11 Security Technical Implementation Guide
  • V-221160 | CAT II | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
  • V-252134 | CAT II | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
  • V-265907 | CAT II | MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components. | MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
  • V-221764 | CAT II | The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248519 | CAT II | The OL 8 audit package must be installed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248520 | CAT II | OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | Oracle Linux 8 Security Technical Implementation Guide
  • V-235170 | CAT II | The MySQL Database Server 8.0 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the MySQL Database Server 8.0 or database(s). | Oracle MySQL 8.0 Security Technical Implementation Guide
  • V-214082 | CAT II | PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s). | PostgreSQL 9.x Security Technical Implementation Guide
  • V-252843 | CAT I | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
  • V-204479 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204488 | CAT II | The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204501 | CAT II | The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204575 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204598 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204599 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204621 | CAT I | The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-258151 | CAT II | RHEL 9 audit package must be installed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258152 | CAT II | RHEL 9 audit service must be enabled. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-257560 | CAT II | OpenShift must enforce access restrictions and support auditing of the enforcement actions. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
  • V-275452 | CAT I | The Riverbed NetIM must enable and configure user audit logging. | Riverbed NetIM NDM Security Technical Implementation Guide
  • V-275677 | CAT II | Ubuntu OS must have the "auditd" package installed. | Riverbed NetIM OS Security Technical Implementation Guide
  • V-275678 | CAT II | Ubuntu OS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Riverbed NetIM OS Security Technical Implementation Guide
  • V-261410 | CAT II | SLEM 5 must have the auditing package installed. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-261462 | CAT II | SLEM 5 must generate audit records for all uses of privileged functions. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217190 | CAT II | The SUSE operating system must have the auditing package installed. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-217209 | CAT III | The SUSE operating system must generate audit records for all uses of the privileged functions. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-241012 | CAT II | The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database. | Tanium 7.0 Security Technical Implementation Guide
  • V-241013 | CAT II | The Tanium Server installers account SQL database permissions must be reduced from sysadmin to db_owner. | Tanium 7.0 Security Technical Implementation Guide
  • V-234073 | CAT II | The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database. | Tanium 7.3 Security Technical Implementation Guide
  • V-234074 | CAT II | The Tanium Server installers account database permissions must be reduced to an appropriate level. | Tanium 7.3 Security Technical Implementation Guide
  • V-253834 | CAT II | The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database. | Tanium 7.x Security Technical Implementation Guide
  • V-253835 | CAT II | The Tanium Server installer's account database permissions must be reduced to an appropriate level. | Tanium 7.x Security Technical Implementation Guide
  • V-241165 | CAT II | Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
  • V-242259 | CAT I | The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | Trend Micro TippingPoint NDM Security Technical Implementation Guide
  • V-252973 | CAT II | TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-240511 | CAT II | The SLES for vRealize must audit the enforcement actions used to restrict access associated with changes to the system. | VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
  • V-239606 | CAT II | The SLES for vRealize must audit the enforcement actions used to restrict access associated with changes to the system. | VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
  • V-256490 | CAT II | The Photon operating system must have the auditd service running. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-256607 | CAT II | VMware Postgres must have log collection enabled. | VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide
  • V-258808 | CAT II | The Photon operating system must enable the auditd service. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-259181 | CAT II | The vCenter PostgreSQL service must have log collection enabled. | VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide