Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.6.1 Ensure system wide crypto policy is not set to legacyCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy is not set in sshd configurationCIS SUSE Linux Enterprise 15 v2.0.1 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS SUSE Linux Enterprise 15 v2.0.1 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 Ensure system wide crypto policy disables EtM for sshCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.3 Ensure 'ACCEPT_SHA1_CERTS' Is Configured CorrectlyCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OSUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.3 Ensure 'ACCEPT_SHA1_CERTS' Is Configured CorrectlyCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.2 Ensure 'ACCEPT_SHA1_CERTS' Is NOT SetCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.3 Ensure 'ALLOWED_WEAK_CERT_ALGORITHMS' Is NOT SetCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OSUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.10 Ensure 'SQLNET.CRYPTO_CHECKSUM_CLIENT' Is Set To 'REQUIRED'CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.11 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.11.36.4.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'CIS Microsoft Intune for Windows 10 v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.11.36.4.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Intune for Windows 10 v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.11.55.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.11.55.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS SUSE Linux Enterprise 15 v2.0.1 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.15 Ensure only strong Ciphers are usedCIS Amazon Linux 2 STIG v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.1.3 Ensure 'SMB channel encryption' is set to 'AES-256-GCM' or higher for SMB file sharesCIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.3.7 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'CIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

49.25 (L1) Ensure 'Network Security Minimum Session Security For NTLMSSP Based Clients' is set to 'Require NTLM and 128-bit encryption'CIS Microsoft Intune for Windows 11 v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION