Item Search

Name	Audit Name	Plugin	Category
1.3.1 Ensure 'Image Integrity' is correct	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
1.5.4 Ensure 'MOTD banner' is set	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
1.11.3 Ensure 'snmp-server host' is set to 'version 3'	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled	CIS Palo Alto Firewall 11 v1.1.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.1.2.2 If Possible, Limit the BGP Routes Accepted from Peers	CIS Cisco NX-OS v1.2.0 L2	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.2.5 Ensure broadcast ICMP requests are ignored	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.2.7 Ensure Reverse Path Filtering is enabled	CIS Google Container-Optimized OS v1.2.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.2.9 Ensure IPv6 router advertisements are not accepted	CIS Google Container-Optimized OS v1.2.0 L2 Server	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5 Ensure DOS protection is enabled for untrusted interfaces	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.11 Ensure Java applet filtering is enabled	CIS Cisco ASA 9.x Firewall L2 v1.1.0	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
5.7.4 The default namespace should not be used	CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
5.7.4 The default namespace should not be used	CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
5.7.4 The default namespace should not be used	CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master	Unix	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
6.1 Ensure that SNMP access is allowed to trusted agents IPs only	CIS F5 Networks v1.0.0 L1	F5	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.	DISA STIG Arista MLS DCS-7000 Series RTR v1r4	Arista	SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Disable Location Services	NIST macOS Big Sur v1.4.0 - 800-53r4 Low	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Disable Location Services	NIST macOS Big Sur v1.4.0 - 800-53r5 Low	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Disable Location Services	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Disable Location Services	NIST macOS Big Sur v1.4.0 - All Profiles	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Disable Location Services	NIST macOS Big Sur v1.4.0 - CNSSI 1253	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Catalina - Disable Location Services	NIST macOS Catalina v1.5.0 - 800-53r4 Low	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
Catalina - Disable Location Services	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN.	DISA STIG Cisco IOS Switch L2S v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it.	DISA STIG Cisco IOS Switch L2S v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports.	DISA STIG Cisco IOS Switch L2S v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports.	DISA STIG Cisco IOS XE Switch L2S v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.	DISA STIG Cisco IOS Switch L2S v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception.	DISA Cisco NX OS Switch RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	DISA Cisco IOS XE Router RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.	DISA STIG Cisco IOS Switch RTR v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.	DISA Cisco IOS XR Router RTR STIG v3r2	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.	DISA Cisco IOS XE Router RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000750 - The Cisco PE router must be configured to ignore or block all packets with any IP options.	DISA Cisco IOS XR Router RTR STIG v3r2	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization.	DISA Cisco IOS XE Router RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization.	DISA Cisco IOS XR Router RTR STIG v3r2	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000870 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization.	DISA STIG Cisco IOS XE Switch RTR v3r1	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.	DISA Cisco IOS Router RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.	DISA Cisco IOS XE Router RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to only accept MSDP packets from known MSDP peers.	DISA Cisco NX OS Switch RTR STIG v3r3	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
JUNI-RT-000260 - The Juniper perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	DISA STIG Juniper Router RTR v3r2	Juniper	SYSTEM AND COMMUNICATIONS PROTECTION
JUNI-RT-000270 - The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - prefix-list	DISA STIG Juniper Router RTR v3r2	Juniper	SYSTEM AND COMMUNICATIONS PROTECTION
JUNI-RT-000890 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers - filters	DISA STIG Juniper Router RTR v3r2	Juniper	SYSTEM AND COMMUNICATIONS PROTECTION
JUSX-VN-000028 - The Juniper SRX Services Gateway VPN must disable split-tunneling for remote clients VPNs.	DISA Juniper SRX Services Gateway VPN v3r1	Juniper	SYSTEM AND COMMUNICATIONS PROTECTION
SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Forwarding Host	DISA Symantec ProxySG Benchmark ALG v1r3	BlueCoat	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
SYMP-AG-000250 - Symantec ProxySG providing intermediary services for FTP must inspect outbound FTP communications traffic for protocol compliance and protocol anomalies.	DISA Symantec ProxySG Benchmark ALG v1r3	BlueCoat	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Internal	DISA Symantec ProxySG Benchmark ALG v1r3	BlueCoat	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - External	DISA Symantec ProxySG Benchmark ALG v1r3	BlueCoat	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
WBLC-08-000238 - Oracle WebLogic must fail securely in the event of an operational failure - Listen Port	Oracle WebLogic Server 12c Linux v2r2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
WBLC-08-000238 - Oracle WebLogic must fail securely in the event of an operational failure - SSL Listen Port	Oracle WebLogic Server 12c Linux v2r2 Middleware	Unix	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

Item Search