SRG-OS-000134-GPOS-00068 Controls

STIG ID Version Title Product
RHEL-08-010170 V1R3 RHEL 8 must use a Linux Security Module configured to enforce limits on system services.
RHEL-08-010171 V1R3 RHEL 8 must have policycoreutils package installed.
RHEL-08-010421 V1R3 RHEL 8 must clear the page allocator to prevent use-after-free attacks.
RHEL-08-010422 V1R3 RHEL 8 must disable virtual syscalls.
RHEL-08-010423 V1R3 RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.
UBTU-20-010012 V1R12 The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.
WN11-CC-000037 V2R2 Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN11-CC-000200 V2R2 Administrator accounts must not be enumerated during elevation.
WN11-SO-000250 V2R2 User Account Control must prompt administrators for consent on the secure desktop.
WN11-SO-000260 V2R2 User Account Control must be configured to detect application installations and prompt for elevation.
WN11-SO-000265 V2R2 User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN11-SO-000275 V2R2 User Account Control must virtualize file and registry write failures to per-user locations.
WN10-CC-000037 V3R2 Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN10-CC-000200 V3R2 Administrator accounts must not be enumerated during elevation.
WN10-SO-000250 V3R2 User Account Control must, at minimum, prompt administrators for consent on the secure desktop.
WN10-SO-000260 V3R2 User Account Control must be configured to detect application installations and prompt for elevation.
WN10-SO-000265 V3R2 User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN10-SO-000275 V3R2 User Account Control must virtualize file and registry write failures to per-user locations.
WN19-CC-000240 V3R2 Windows Server 2019 administrator accounts must not be enumerated during elevation.
WN19-MS-000020 V3R2 Windows Server 2019 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN19-SO-000390 V3R2 Windows Server 2019 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN19-SO-000400 V3R2 Windows Server 2019 User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN19-SO-000420 V3R2 Windows Server 2019 User Account Control must be configured to detect application installations and prompt for elevation.
WN19-SO-000430 V3R2 Windows Server 2019 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN19-SO-000450 V3R2 Windows Server 2019 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
UBTU-22-432015 V2R2 Ubuntu 22.04 LTS must ensure only users who need access to security functions are part of sudo group.
WN16-CC-000280 V2R7 Administrator accounts must not be enumerated during elevation.
WN16-MS-000020 V2R7 Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
WN16-SO-000470 V2R7 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN16-SO-000480 V2R7 User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
WN16-SO-000500 V2R7 User Account Control must be configured to detect application installations and prompt for elevation.
WN16-SO-000510 V2R7 User Account Control must only elevate UIAccess applications that are installed in secure locations.
WN16-SO-000530 V2R7 User Account Control must virtualize file and registry write failures to per-user locations.
WN22-CC-000240 V1R4 Windows Server 2022 administrator accounts must not be enumerated during elevation.
WN22-MS-000020 V1R4 Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers.
WN22-SO-000390 V1R4 Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
WN22-SO-000400 V1R4 Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for consent on the secure desktop.
WN22-SO-000420 V1R4 Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation.
WN22-SO-000430 V1R4 Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
WN22-SO-000450 V1R4 Windows Server 2022 User Account Control (UAC) must virtualize file and registry write failures to per-user locations.
OL08-00-010170 V1R3 OL 8 must use a Linux Security Module configured to enforce limits on system services.
OL08-00-010171 V1R3 OL 8 must have the "policycoreutils" package installed.
OL08-00-010421 V1R3 OL 8 must clear the page allocator to prevent use-after-free attacks.
OL08-00-010422 V1R3 OL 8 must disable virtual syscalls.
OL08-00-010423 V1R3 OL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.
UBTU-18-010037 V2R11 The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.