STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← MA-3 (5) — Maintenance Tools

CCI-004188

Definition

Monitor the use of maintenance tools that execute with increased privilege.

Parent Control

MA-3 (5)Maintenance ToolsMaintenance

Linked STIG Checks (23)

V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation GuideV-268091CAT IINixOS must generate audit records for all usage of privileged commands.Anduril NixOS Security Technical Implementation GuideV-268454CAT IIThe macOS system must enable security auditing.Apple macOS 15 (Sequoia) Security Technical Implementation GuideV-277062CAT IIThe macOS system must enable security auditing.Apple macOS 26 (Tahoe) Security Technical Implementation GuideV-260649CAT IIUbuntu 22.04 LTS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.Canonical Ubuntu 22.04 LTS Security Technical Implementation GuideV-270689CAT IIUbuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.Canonical Ubuntu 24.04 LTS Security Technical Implementation GuideV-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation GuideV-263658CAT IIThe operating system must monitor the use of maintenance tools that execute with increased privilege.General Purpose Operating System Security Requirements GuideV-278070CAT IIWindows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows Server 2025 Security Technical Implementation GuideV-278071CAT IIWindows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows Server 2025 Security Technical Implementation GuideV-248520CAT IIOL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.Oracle Linux 8 Security Technical Implementation GuideV-271570CAT IIOL 9 must audit uses of the execve system call.Oracle Linux 9 Security Technical Implementation GuideV-281116CAT IIRHEL 10 must generate audit records for successful and unsuccessful uses of the "execve" system call.Red Hat Enterprise Linux 10 Security Technical Implementation GuideV-281140CAT IIRHEL 10 must generate audit records for successful and unsuccessful uses of the "su" command.Red Hat Enterprise Linux 10 Security Technical Implementation GuideV-281141CAT IIRHEL 10 must generate audit records for successful and unsuccessful uses of the "sudo" command.Red Hat Enterprise Linux 10 Security Technical Implementation GuideV-281142CAT IIRHEL 10 must generate audit records for successful and unsuccessful uses of the "sudoedit" command.Red Hat Enterprise Linux 10 Security Technical Implementation GuideV-258152CAT IIRHEL 9 audit service must be enabled.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-275733CAT IIUbuntu OS must prevent all software from executing at higher privilege levels than users executing the software, and the audit system must be configured to audit the execution of privileged functions.Riverbed NetIM OS Security Technical Implementation GuideV-275734CAT IIUbuntu OS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions, and other system-level access.Riverbed NetIM OS Security Technical Implementation GuideV-216246CAT IIThe audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event.Solaris 11 SPARC Security Technical Implementation GuideV-216011CAT IIThe audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event.Solaris 11 X86 Security Technical Implementation GuideV-253052CAT IIThe TOSS audit system must audit local events.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation GuideV-264323CAT IIThe VMM must monitor the use of maintenance tools that execute with increased privilege.Virtual Machine Manager Security Requirements Guide