SRG-OS-000134-GPOS-00068 Controls

STIG IDVersionTitleProduct
ALMA-09-041930V1R1AlmaLinux OS 9 must use a Linux Security Module configured to enforce limits on system services.
ALMA-09-042040V1R1AlmaLinux OS 9 must have the policycoreutils package installed.
UBTU-18-010037V2R15The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.
UBTU-20-010012V1R9The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.
UBTU-24-600130V1R1Ubuntu 24.04 LTS must ensure only users who need access to security functions are part of sudo group.
WN22-CC-000240V2R1Windows Server 2022 administrator accounts must not be enumerated during elevation.
WN22-MS-000020V2R1Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN22-SO-000390V2R1Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN22-SO-000400V2R1Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for consent on the secure desktop.
WN22-SO-000420V2R1Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation.
WN22-SO-000430V2R1Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN22-SO-000450V2R1Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
WN10-CC-000037V2R8Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN10-CC-000200V2R8Administrator accounts must not be enumerated during elevation.
WN10-SO-000250V2R8User Account Control must, at minimum, prompt administrators for consent on the secure desktop.
WN10-SO-000260V2R8User Account Control must be configured to detect application installations and prompt for elevation.
WN10-SO-000265V2R8User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN10-SO-000275V2R8User Account Control must virtualize file and registry write failures to per-user locations.
WN11-CC-000037V2R1Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN11-CC-000200V2R1Administrator accounts must not be enumerated during elevation.
WN11-SO-000250V2R1User Account Control must prompt administrators for consent on the secure desktop.
WN11-SO-000260V2R1User Account Control must be configured to detect application installations and prompt for elevation.
WN11-SO-000265V2R1User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN11-SO-000275V2R1User Account Control must virtualize file and registry write failures to per-user locations.
UBTU-22-432015V2R1Ubuntu 22.04 LTS must ensure only users who need access to security functions are part of sudo group.
RHEL-08-010170V1R9RHEL 8 must use a Linux Security Module configured to enforce limits on system services.
RHEL-08-010171V1R9RHEL 8 must have policycoreutils package installed.
RHEL-08-010421V1R9RHEL 8 must clear the page allocator to prevent use-after-free attacks.
RHEL-08-010422V1R9RHEL 8 must disable virtual syscalls.
RHEL-08-010423V1R9RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.
OL09-00-000200V1R1OL 9 must have policycoreutils package installed.
OL09-00-002393V1R1OL 9 must disable virtual system calls.
OL09-00-002394V1R1OL 9 must clear the page allocator to prevent use-after-free attacks.
WN16-CC-000280V2R10Administrator accounts must not be enumerated during elevation.
WN16-MS-000020V2R10Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN16-SO-000470V2R10UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN16-SO-000480V2R10User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN16-SO-000500V2R10User Account Control must be configured to detect application installations and prompt for elevation.
WN16-SO-000510V2R10User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN16-SO-000530V2R10User Account Control must virtualize file and registry write failures to per-user locations.
WN19-CC-000240V2R8Windows Server 2019 administrator accounts must not be enumerated during elevation.
WN19-MS-000020V2R8Windows Server 2019 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN19-SO-000390V2R8Windows Server 2019 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN19-SO-000400V2R8Windows Server 2019 User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN19-SO-000420V2R8Windows Server 2019 User Account Control must be configured to detect application installations and prompt for elevation.
WN19-SO-000430V2R8Windows Server 2019 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN19-SO-000450V2R8Windows Server 2019 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
OL08-00-010170V1R9OL 8 must use a Linux Security Module configured to enforce limits on system services.
OL08-00-010171V1R9OL 8 must have the "policycoreutils" package installed.
OL08-00-010421V1R9OL 8 must clear the page allocator to prevent use-after-free attacks.
OL08-00-010422V1R9OL 8 must disable virtual syscalls.
OL08-00-010423V1R9OL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.