U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

Enterprise System Management (ESM) Checklist Version 1, Release 1.3 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Apple Mac OS X 10.3 cpe:/o:apple:mac_os_x:10.3 (View CVEs)
Apple Mac OS X 10.5 cpe:/o:apple:mac_os_x:10.5 (View CVEs)
Apple Mac OS X 10.6 cpe:/o:apple:mac_os_x:10.6.0 (View CVEs)
Apple Mac OS X 10.6.0 cpe:/o:apple:mac_os_x:10.6.0 (View CVEs)
Apple Mac OS X 10.6.1 cpe:/o:apple:mac_os_x:10.6.1 (View CVEs)
Apple Mac OS X 10.6.2 cpe:/o:apple:mac_os_x:10.6.2 (View CVEs)
Apple Mac OS X 10.6.3 cpe:/o:apple:mac_os_x:10.6.3 (View CVEs)
Apple Mac OS X 10.6.4 cpe:/o:apple:mac_os_x:10.6.4 (View CVEs)
Apple Mac OS X 10.6.5 cpe:/o:apple:mac_os_x:10.6.5 (View CVEs)
Apple Mac OS X 10.6.6 cpe:/o:apple:mac_os_x:10.6.6 (View CVEs)
Apple Mac OS X 10.6.7 cpe:/o:apple:mac_os_x:10.6.7 (View CVEs)
Apple Mac OS X 10.6.8 cpe:/o:apple:mac_os_x:10.6.8 (View CVEs)
FreeBSD cpe:/o:freebsd:freebsd (View CVEs)
FreeBSD 4.10 cpe:/o:freebsd:freebsd:4.10 (View CVEs)
FreeBSD 4.8 cpe:/o:freebsd:freebsd:4.8 (View CVEs)
Microsoft Windows 2000 cpe:/o:microsoft:windows_2000 (View CVEs)
Microsoft Windows 2000 Professional cpe:/o:microsoft:windows_2000:::professional (View CVEs)
Microsoft Windows 7 cpe:/o:microsoft:windows_7 (View CVEs)
Microsoft Windows 7 32-bit cpe:/o:microsoft:windows_7:-:-:x32 (View CVEs)
Microsoft Windows 7 32-bit (X86) cpe:/o:microsoft:windows_7:-:-:x86 (View CVEs)
Microsoft Windows 7 64-bit cpe:/o:microsoft:windows_7:-:-:x64 (View CVEs)
Microsoft Windows 7 64-bit (X64) cpe:/o:microsoft:windows_7:-:-:x64 (View CVEs)
Microsoft Windows 7 x64 (64-bit) cpe:/o:microsoft:windows_7:-:-:x64 (View CVEs)
Microsoft Windows 7 x86 (32-bit) cpe:/o:microsoft:windows_7:-:-:x86 (View CVEs)
Microsoft Windows 8 cpe:/o:microsoft:windows_8:- (View CVEs)
Microsoft Windows 8 x64 (64-bit) cpe:/o:microsoft:windows_8:-:-:x64 (View CVEs)
Microsoft Windows 8 x86 (32-bit) cpe:/o:microsoft:windows_8:-:-:x86 (View CVEs)
Microsoft Windows NT cpe:/o:microsoft:windows_nt (View CVEs)
Microsoft Windows NT 4.0 cpe:/o:microsoft:windows_nt:4.0 (View CVEs)
Microsoft Windows Server 2000 cpe:/o:microsoft:windows_2000:-:-:server (View CVEs)
Microsoft Windows Server 2003 cpe:/o:microsoft:windows_2003_server:- (View CVEs)
Microsoft Windows Server 2003 Service Pack 1 cpe:/o:microsoft:windows_2003_server::sp1 (View CVEs)
Microsoft Windows Server 2003 Service Pack 2 cpe:/o:microsoft:windows_2003_server::sp2 (View CVEs)
Microsoft Windows Server 2003 Service Pack 3 cpe:/o:microsoft:windows_2003_server::sp3 (View CVEs)
Microsoft Windows Server 2008 cpe:/o:microsoft:windows_server_2008:- (View CVEs)
Microsoft Windows Server 2008 R2 cpe:/o:microsoft:windows_server_2008:r2 (View CVEs)
Microsoft Windows Server 2008 R2 Service Pack 1 cpe:/o:microsoft:windows_server_2008:r2:sp1 (View CVEs)
Microsoft Windows Server 2008 Service Pack 2 cpe:/o:microsoft:windows_server_2008:-:sp2 (View CVEs)
Microsoft Windows Server 2008 for 32-bit Systems cpe:/o:microsoft:windows_server_2008:-::x32 (View CVEs)
Microsoft Windows Server 2008 for 64-bit systems cpe:/o:microsoft:windows_server_2008:::x64 (View CVEs)
Microsoft Windows Server 2008 r2 Itanium cpe:/o:microsoft:windows_server_2008:r2::itanium (View CVEs)
Microsoft Windows Server 2008 r2 Service Pack 1 Itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium (View CVEs)
Microsoft Windows Server 2008 r2 x64 cpe:/o:microsoft:windows_server_2008:r2::x64 (View CVEs)
Microsoft Windows Server 2008 r2 x64 Service Pack 1 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 (View CVEs)
Microsoft Windows Vista cpe:/o:microsoft:windows_vista (View CVEs)
Microsoft Windows Vista Business cpe:/o:microsoft:windows_vista:::business (View CVEs)
Microsoft Windows Vista Enterprise Edition cpe:/o:microsoft:windows_vista:::enterprise (View CVEs)
Microsoft Windows Vista Firewall cpe:/a:microsoft:windows_firewall (View CVEs)
Microsoft Windows Vista Service Pack 2 cpe:/o:microsoft:windows_vista::sp2 (View CVEs)
Microsoft Windows XP cpe:/o:microsoft:windows_xp (View CVEs)
Microsoft Windows XP Pro SP2 cpe:/o:microsoft:windows_xp::sp2:professional (View CVEs)
Microsoft Windows XP Pro SP3 cpe:/o:microsoft:windows-nt:xp:sp3:pro (View CVEs)
Microsoft Windows XP Pro Service Pack 2 cpe:/o:microsoft:windows_xp::sp2:professional (View CVEs)
Microsoft Windows XP Pro Service Pack 3 cpe:/o:microsoft:windows_xp:-:sp3:professional (View CVEs)
Microsoft Windows XP Professional cpe:/o:microsoft:windows_xp:::professional (View CVEs)
Microsoft Windows XP SP2 cpe:/o:microsoft:windows_xp::sp2 (View CVEs)
Microsoft Windows XP Service Pack 3 cpe:/o:microsoft:windows_xp::sp3 (View CVEs)
Oracle Solaris 10 x86 cpe:/o:oracle:solaris:10::x86 (View CVEs)
Red Hat Enterprise Linux 4.0 cpe:/o:redhat:enterprise_linux:4.0 (View CVEs)
Red Hat Enterprise Linux 5 cpe:/o:redhat:enterprise_linux:5 (View CVEs)
Red Hat Enterprise Linux 5.1 cpe:/o:redhat:enterprise_linux:5.1 (View CVEs)
Red Hat Enterprise Linux 6 cpe:/o:redhat:enterprise_linux:6 (View CVEs)
Red Hat Linux cpe:/o:redhat:linux:- (View CVEs)
Red Hat Linux 6.2 cpe:/o:redhat:linux:6.2 (View CVEs)
Sun Solaris cpe:/o:sun:solaris (View CVEs)
Sun Solaris 10 SPARC cpe:/o:sun:sunos:5.10:-:sparc (View CVEs)
Sun Solaris 2.5.1 cpe:/o:sun:solaris:2.5.1 (View CVEs)
Sun Solaris 5.10 cpe:/o:sun:sunos:5.10 (View CVEs)
Sun Solaris 9 cpe:/o:sun:sunos:5.9 (View CVEs)

Checklist Highlights

Checklist Name:
Enterprise System Management (ESM) Checklist
Checklist ID:
449
Version:
Version 1, Release 1.3
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
04/10/2007

Checklist Summary:

This document contains procedures that enable qualified personnel to conduct an Enterprise System Management (ESM) Security Readiness Review (SRR). The ESM SRR assesses compliance, in part, with DISA's Recommended Standard Application Security Requirements(Version 1.1 dated May 2006). In order to streamline the SRR process, this Checklist does not cover all of the requirements in that document.DISA Field Security Operations (FSO) conducts ESM SRRs to provide a minimum level of assurance to DISA, Joint Commands, and other Department of Defense (DOD) organizations that their ESM applications are reasonably secure against attacks that would threaten their mission. The complexity of most mission critical ESM applications precludes a comprehensive security review of all possible security functions and vulnerabilities in the time frame allotted for an ESM System SRR. Nonetheless, the SRR helps organizations address the most common ESM vulnerabilities and identify information assurance (IA) issues that pose an unacceptable risk to operations.

Checklist Role:

  • Desktop Operating System
  • Operating System
  • Desktop and Server Operating System
  • Client Operating System

Known Issues:

Not provided.

Target Audience:

This document contains procedures that enable qualified personnel to conduct an Enterprise System Management (ESM) Security Readiness Review (SRR).

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Department of Defense (DoD) Instruction 8500.2

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

Not provided.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

Version 1, Release 1.3 - 10 April 2007
Corrected Title - 05/26/2017
moved to archive status - 4/15/19

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/15/2019