SRG-OS-000134-GPOS-00068 Controls

STIG IDVersionTitleProduct
ALMA-09-041930V1R2AlmaLinux OS 9 must use a Linux Security Module configured to enforce limits on system services.
ALMA-09-042040V1R2AlmaLinux OS 9 must have the policycoreutils package installed.
OL08-00-010170V2R4OL 8 must use a Linux Security Module configured to enforce limits on system services.
OL08-00-010171V2R4OL 8 must have the "policycoreutils" package installed.
OL08-00-010421V2R4OL 8 must clear the page allocator to prevent use-after-free attacks.
OL08-00-010422V2R4OL 8 must disable virtual syscalls.
OL08-00-010423V2R4OL 8 must clear memory when it is freed to prevent use-after-free attacks.
OL09-00-000200V1R1OL 9 must have policycoreutils package installed.
OL09-00-002393V1R1OL 9 must disable virtual system calls.
OL09-00-002394V1R1OL 9 must clear the page allocator to prevent use-after-free attacks.
RHEL-08-010170V2R3RHEL 8 must use a Linux Security Module configured to enforce limits on system services.
RHEL-08-010171V2R3RHEL 8 must have policycoreutils package installed.
RHEL-08-010421V2R3RHEL 8 must clear the page allocator to prevent use-after-free attacks.
RHEL-08-010422V2R3RHEL 8 must disable virtual syscalls.
RHEL-08-010423V2R3RHEL 8 must clear memory when it is freed to prevent use-after-free attacks.
UBTU-18-010037V2R15The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.
UBTU-20-010012V2R1The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.
UBTU-22-432015V2R4Ubuntu 22.04 LTS must ensure only users who need access to security functions are part of sudo group.
UBTU-24-600130V1R1Ubuntu 24.04 LTS must ensure only users who need access to security functions are part of sudo group.
WN10-CC-000037V3R4Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN10-CC-000200V3R4Administrator accounts must not be enumerated during elevation.
WN10-SO-000250V3R4User Account Control must, at minimum, prompt administrators for consent on the secure desktop.
WN10-SO-000260V3R4User Account Control must be configured to detect application installations and prompt for elevation.
WN10-SO-000265V3R4User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN10-SO-000275V3R4User Account Control must virtualize file and registry write failures to per-user locations.
WN11-CC-000037V2R3Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN11-CC-000200V2R3Administrator accounts must not be enumerated during elevation.
WN11-SO-000250V2R3User Account Control must prompt administrators for consent on the secure desktop.
WN11-SO-000260V2R3User Account Control must be configured to detect application installations and prompt for elevation.
WN11-SO-000265V2R3User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN11-SO-000275V2R3User Account Control must virtualize file and registry write failures to per-user locations.
WN16-CC-000280V2R9Administrator accounts must not be enumerated during elevation.
WN16-MS-000020V2R9Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN16-SO-000470V2R9UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN16-SO-000480V2R9User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN16-SO-000500V2R9User Account Control must be configured to detect application installations and prompt for elevation.
WN16-SO-000510V2R9User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN16-SO-000530V2R9User Account Control must virtualize file and registry write failures to per-user locations.
WN19-CC-000240V3R4Windows Server 2019 administrator accounts must not be enumerated during elevation.
WN19-MS-000020V3R4Windows Server 2019 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN19-SO-000390V3R4Windows Server 2019 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN19-SO-000400V3R4Windows Server 2019 User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN19-SO-000420V3R4Windows Server 2019 User Account Control must be configured to detect application installations and prompt for elevation.
WN19-SO-000430V3R4Windows Server 2019 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN19-SO-000450V3R4Windows Server 2019 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
WN22-CC-000240V2R4Windows Server 2022 administrator accounts must not be enumerated during elevation.
WN22-MS-000020V2R4Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN22-SO-000390V2R4Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN22-SO-000400V2R4Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for consent on the secure desktop.
WN22-SO-000420V2R4Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation.
WN22-SO-000430V2R4Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN22-SO-000450V2R4Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.