Item Search

Name	Audit Name	Plugin	Category
1.0.2 Use IP address rather than hostname - 'db2system = IP'	CIS IBM DB2 OS L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
1.0.4 Use non-standard account names - '!= db2inst1'	CIS IBM DB2 OS L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.0.2 Secure all database containers	CIS IBM DB2 OS L1 v1.2.0	Unix
2.0.3 Set umask value for DB2 admin user .profile file	CIS IBM DB2 OS L1 v1.2.0	Unix	ACCESS CONTROL
3.1.2 Encrypt user data across the network - 'authentication = Data_Encrypt'	CIS IBM DB2 OS L2 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1.4 Disable data links support - 'datalinks = no'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.1.5 Secure default database location - 'DFTDBPATH directory ownership'	CIS IBM DB2 OS L2 v1.2.0	Unix
3.1.6 Secure permission of default database location	CIS IBM DB2 OS L1 v1.2.0	Unix
3.1.8 Secure all diagnostic logs - 'diagpath location'	CIS IBM DB2 OS L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
3.1.9 Require instance name for discovery requests - 'discover = known'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.1.10 Disable instance discoverability - 'discover_inst = disable'	CIS IBM DB2 OS L2 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1.11 Authenticate federated users at the instance level - 'fed_noauth = no'	CIS IBM DB2 OS L2 v1.2.0	Unix	ACCESS CONTROL
3.1.14 Set maximum connection limits - 'max_coordagents <= 100'	CIS IBM DB2 OS L2 v1.2.0	Unix	ACCESS CONTROL
3.1.16 Enable server-based authentication - 'srvcon_auth = server'	CIS IBM DB2 OS L2 v1.2.0	Unix	IDENTIFICATION AND AUTHENTICATION
3.2.2 Auto-restart after abnormal termination - 'autorestart = on'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.2.6 Establish secure secondary archive location - 'logarchmeth2 location'	CIS IBM DB2 OS L1 v1.2.0	Unix
3.2.8 Establish secure tertiary archive location - 'failarchpath location'	CIS IBM DB2 OS L1 v1.2.0	Unix
3.2.10 Establish secure log mirror location - 'mirrorlogpath location'	CIS IBM DB2 OS L1 v1.2.0	Unix
3.2.11 Establish retention set size for backups - 'num_db_backups <= 100'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY
3.3.1 Establish DAS administrative group - 'dasadm_group name'	CIS IBM DB2 OS L1 v1.2.0	Unix	ACCESS CONTROL
3.3.4 Do not execute expired tasks - 'exec_exp_task = no'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
4.0.3 Review Security Label Component	CIS IBM DB2 OS L1 v1.2.0	Unix
4.6.11.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
5.0.1 Enable Backup Redundancy	CIS IBM DB2 OS L2 v1.2.0	Unix
5.0.3 Enable Database Maintenance - 'auto_maint = on'	CIS IBM DB2 OS L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
5.0.4 Schedule Runstat and Reorg	CIS IBM DB2 OS L1 v1.2.0	Unix
7.0.1 Establish an administrator group - 'sysadm_group value'	CIS IBM DB2 OS L2 v1.2.0	Unix	ACCESS CONTROL
7.0.2 Establish system control group - 'sysctrl_group value'	CIS IBM DB2 OS L2 v1.2.0	Unix	ACCESS CONTROL
7.0.4 Establish system monitoring group - 'sysmon_group users'	CIS IBM DB2 OS L1 v1.2.0	Unix	ACCESS CONTROL
8.0.6 Enable SSL communication with LDAP server	CIS IBM DB2 OS L2 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
8.0.8 Secure the permission of the SSLconfig.ini file	CIS IBM DB2 OS L2 v1.2.0	Unix
18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.4 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.11 (BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	CONFIGURATION MANAGEMENT
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.18 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.18 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.10 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.10 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.10 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

Item Search