Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.18 Ensure that the --secure-port argument is not set to 0CIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateCIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure crypto-policies-scripts package is installedCIS SUSE Linux Enterprise 15 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables sha1 hash and signature supportCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables sha1 hash and signature supportCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables cbc for sshCIS SUSE Linux Enterprise 15 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 Ensure system wide crypto policy disables EtM for sshCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 Ensure system wide crypto policy disables EtM for sshCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 Ensure system wide crypto policy disables EtM for sshCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.10 Ensure system-wide crypto policy is not legacyCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure that the --auto-tls argument is not set to trueCIS Red Hat OpenShift Container Platform v1.7.0 L1OpenShift

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.19 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS Oracle MySQL Community Server 8.4 v1.0.0 L1 DatabaseMySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.7.3.11 Ensure sshd MACs are configuredCIS IBM AIX 7 v1.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd Ciphers are configuredCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd Ciphers are configuredCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.12 Ensure sshd KexAlgorithms is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.12 Ensure sshd KexAlgorithms is configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.14 Ensure system-wide crypto policy is not over-riddenCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive ConnectorsCIS Apache Tomcat 11 v1.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functionalCIS PostgreSQL 17 v1.0.0 L1 PostgreSQLPostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure SSL Compression is not EnabledCIS Apache HTTP Server 2.4 v2.2.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure All Web Content is Accessed via HTTPSCIS Apache HTTP Server 2.4 v2.2.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES'CIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.1 Configure a Server-side Key Store for TLS (SSL_SVR_KEYDB)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.11 Enable Remote TLS Connections to Db2 (DB2COMM)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure Replication Traffic is SecuredCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.1 Ensure All Group Replication Traffic is SecuredCIS MySQL 8.4 Enterprise v1.0.0 L1 DatabaseMySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.5.4.1 (L1) Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higherCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION