Item Search

NameAudit NamePluginCategory
1.1 Remove extraneous files and directories - /conf/Catalina/localhost/host-manager.xmlCIS Apache Tomcat 8 L2 v1.1.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/js-examplesCIS Apache Tomcat 8 L2 v1.1.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_CONF/conf/Catalina/localhost/manager.xmlCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examplesCIS Apache Tomcat 8 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

1.1.3.16.1 Configure 'System settings: Optional subsystems'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

1.1.7 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

CONFIGURATION MANAGEMENT

1.1.8 - MobileIron - Disable 'Bluetooth'MobileIron - CIS Google Android 4 v1.0.0 L2MDM

ACCESS CONTROL

1.1.17 - AirWatch - Disable 'Unknown sources'AirWatch - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

1.1.19 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

ACCESS CONTROL

1.2.1 - MobileIron - Disable JavaScript - 'Samsung SAFE'MobileIron - CIS Google Android 4 v1.0.0 L2MDM

ACCESS CONTROL

1.2.2 - AirWatch - Enable 'Show security warnings'AirWatch - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

1.2.2 Ensure that the --address argument is set to 127.0.0.1CIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.2.3 - MobileIron - Disable 'Form auto-fill' - 'Samsung SAFE'MobileIron - CIS Google Android 4 v1.0.0 L1MDM

CONFIGURATION MANAGEMENT

1.2.3.5 Set 'RPC Runtime Unauthenticated Client Restriction to Apply:' to 'Enabled:Authenticated'CIS Windows 8 L1 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

1.2.4 - AirWatch - Disable Auto Fill for Names and PasswordsAirWatch - CIS Apple iOS 9 v1.0.0 L2MDM

ACCESS CONTROL

1.2.9 - AirWatch - Turn On Do Not TrackAirWatch - CIS Apple iOS 8 v1.0.0 L2MDM

ACCESS CONTROL

1.2.9 - AirWatch - Turn On Do Not TrackAirWatch - CIS Apple iOS 9 v1.0.0 L2MDM

ACCESS CONTROL

1.3 Ensure 'directory browsing' is set to disabledCIS IIS 7 L1 v1.8.0Windows

CONFIGURATION MANAGEMENT

2.1.5 Ensure that the --read-only-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.9 Ensure Telnet is disabledCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

2.1.12 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.9 Disable Samba Support - Make sure that /etc/sfw/smb.conf does not exist. Note this check is only applicable for Solaris 10 >= 11/06CIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

2.3.16.1 Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

2.4.8 Disable File Sharing - AppleFileServerCIS Apple macOS 10.13 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

3.1.5 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.5 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.2 Restrict Recursive Queries - Authoritative Name ServerCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Restrict Recursive Queries - Caching Name ServerCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.4 Prevent execution of expired tasksCIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS LinuxUnix

CONFIGURATION MANAGEMENT

3.3.4 Prevent execution of expired tasksCIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS WindowsWindows

CONFIGURATION MANAGEMENT

4.3 Enable Debug Level Daemon Logging/4.4 Capture syslog AUTH Messages - Check if svc:/system/system-log is onlineCIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

5.1.4 Ensure talk server is not enabledCIS Debian Linux 7 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3 Ensure daytime is not enabledCIS Debian Linux 7 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.4 Ensure echo is not enabledCIS Debian Linux 7 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.7 Ensure privileged ports are not mapped within containersCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

6.2.11 Ensure no users have .forward filesCIS Amazon Linux v2.1.0 L1Unix

CONFIGURATION MANAGEMENT

8.4 Disable the HTTP Statistics ServerCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

8.4 Disable the HTTP Statistics ServerCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

8.5 Remove default databasesCIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS WindowsWindows

CONFIGURATION MANAGEMENT

8.5 Remove default databasesCIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS LinuxUnix

CONFIGURATION MANAGEMENT

9.2 Remove Unused SchemasCIS IBM DB2 v10 v1.1.0 Database Level 1IBM_DB2DB

CONFIGURATION MANAGEMENT

9.4 Remove Default DatabasesCIS IBM DB2 v10 v1.1.0 Linux OS Level 1Unix

CONFIGURATION MANAGEMENT

9.4 Remove Default DatabasesCIS IBM DB2 v10 v1.1.0 Linux OS Level 2Unix

CONFIGURATION MANAGEMENT

9.4 Remove Default DatabasesCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows

CONFIGURATION MANAGEMENT

9.10 Check for Presence of User .rhosts FilesCIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

9.21 Check for Presence of User .forward FilesCIS Solaris 11.1 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

Huawei: Disable FTP IPV4TNS Huawei VRP Best Practice AuditHuawei

CONFIGURATION MANAGEMENT

Huawei: Disable FTP IPV6TNS Huawei VRP Best Practice AuditHuawei

CONFIGURATION MANAGEMENT

Huawei: Disable Telnet on IPV6TNS Huawei VRP Best Practice AuditHuawei

CONFIGURATION MANAGEMENT