STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← CM-7 (9) — Least Functionality

CCI-003959

Definition

Prohibit the use or connection of unauthorized hardware components.

Parent Control

CM-7 (9)Least FunctionalityConfiguration Management

Linked STIG Checks (21)

V-268139CAT IINixOS must enable USBguard.Anduril NixOS Security Technical Implementation Guide V-268567CAT IIThe macOS system must authorize USB devices before allowing connection.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277177CAT IIThe macOS system must authorize USB devices before allowing connection.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-260540CAT IIUbuntu 22.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270718CAT IIUbuntu 24.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-269357CAT IIAlmaLinux OS 9 must be configured to disable USB mass storage.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-263651CAT IIThe operating system must prohibit the use or connection of unauthorized hardware components.General Purpose Operating System Security Requirements Guide V-277983CAT IIWindows Server 2025 must prohibit the use or connection of unauthorized hardware components.Microsoft Windows Server 2025 Security Technical Implementation Guide V-248837CAT IIOL 8 must be configured to disable the ability to use USB mass storage devices.Oracle Linux 8 Security Technical Implementation Guide V-248862CAT IIOL 8 must have the USBGuard installed.Oracle Linux 8 Security Technical Implementation Guide V-248864CAT IIOL 8 must enable the USBGuard.Oracle Linux 8 Security Technical Implementation Guide V-280963CAT IIRHEL 10 must have the USBGuard package enabled.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258034CAT IIRHEL 9 must be configured to disable USB mass storage.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258035CAT IIRHEL 9 must have the USBGuard package installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258036CAT IIRHEL 9 must have the USBGuard package enabled.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275631CAT IIUbuntu OS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver.Riverbed NetIM OS Security Technical Implementation Guide V-253082CAT IITOSS must be configured to disable USB mass storage.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282501CAT IITOSS 5 must be configured to disable USB mass storage.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282593CAT IITOSS 5 must have the USBGuard package installed.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282594CAT IITOSS 5 must have the USBGuard package enabled.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-264316CAT IIThe VMM must prohibit the use or connection of unauthorized hardware components.Virtual Machine Manager Security Requirements Guide