Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

2.3.7.5 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.6.1 (L1) Ensure 'Audit Detailed File Share' is set to include 'Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

17.7.1 (L1) Ensure 'Audit Audit Policy Change' is set to include 'Success'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.7.2 (L1) Ensure 'Audit Authentication Policy Change' is set to include 'Success'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.2.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

18.3.1 (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

18.3.5 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.4.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.10.2 (L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

18.5.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.20.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.6.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.8.22.1.5 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.6 (L2) Ensure 'Turn off Internet File Association service' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.9 (L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.10 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.13 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.14 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.34.6.1 (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.37.2 (L2) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.48.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.53.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.65.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.65.3.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

ACCESS CONTROL

18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

CIS Microsoft IIS 8 Benchmark v1.5.1 Level 1CIS IIS 8.0 v1.5.1 Level 1Windows