Item Search

NameAudit NamePluginCategory
1.1.5 Ensure noexec option set on /tmp partitionCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.4.1.3 Ensure known default accounts do not existCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.5.1.3 Ensure remote login warning banner is configured properlyCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.1.1 Ensure time synchronization is in useCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

2.1.2 Ensure X Window System is not installedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.1.3 Ensure NFS and RPC are not enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT nullCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

2.3.2 Set 'ip address' for 'ntp server'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

AUDIT AND ACCOUNTABILITY

3.2.5 Ensure broadcast ICMP requests are ignoredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

4.1 Ensure All Default Passwords Are ChangedCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

4.1.1.1 Ensure correct container image is set for stackdriver logging agentCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.2.2 Ensure journald is configured to write logfiles to persistent diskCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any UserCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

4.6 Ensure No Public Database Links ExistCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.1 Ensure permissions on /etc/ssh/sshd_config are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Encryption" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.3 Ensure permissions on SSH public host key files are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.8 Ensure SSH IgnoreRhosts is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.14 Ensure only strong MAC algorithms are usedCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.11 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.1.3 Ensure password expiration warning days is 7 or moreCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.1.4 Ensure inactive password lock is 30 days or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.3 Ensure default group for the root account is GID 0CIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.6 Ensure the 'PUBLIC DATABASE LINK' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.7 Ensure permissions on /etc/group- are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.12 Ensure the 'GRANT ANY PRIVILEGE' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.13 Ensure the 'DROP ANY PROCEDURE' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.17 Ensure the 'TRIGGER' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.12 Ensure no users have .netrc filesCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2.14 Ensure no users have .rhosts filesCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2.18 Ensure no duplicate user names existCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

6.2.19 Ensure no duplicate group names existCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

WN12-AD-000005-DC - Domain created Active Directory Organizational Unit (OU) objects must have proper access control permissions.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

ACCESS CONTROL