Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.5 Ensure valid certificate is set for browser-based administrator interfaceCIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy disables sha1 hash and signature supportCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS Oracle Linux 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1.3 Ensure all user storage CoreStorage volumes are encryptedCIS Apple macOS 10.14 v2.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.22 Ensure sshd crypto_policy is not setCIS Oracle Linux 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.22 Ensure sshd crypto_policy is not setCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3 Ensure 'Block Project-Wide SSH Keys' Is Enabled for VM InstancesCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.13 Ensure only strong ciphers are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.15 Ensure only strong Key Exchange algorithms are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.2 Ensure all user storage CoreStorage volumes are encryptedCIS Apple macOS 14.0 Sonoma v2.1.0 L1Unix

IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.2 Ensure all user storage CoreStorage volumes are encryptedCIS Apple macOS 15.0 Sequoia v1.1.0 L1Unix

IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1 Ensure password creation requirements are configured - minlenCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - ocreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - system-auth try_first_passCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSLCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2019 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-003008 The macOS system must restrict maximum password lifetime to 60 days.DISA Apple macOS 14 (Sonoma) STIG v2r3Unix

IDENTIFICATION AND AUTHENTICATION

CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.DISA STIG Cisco ASA NDM v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

GEN000540 - Users must not be able to change passwords more than once every 24 hours.DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN000585 - The system must enforce the entire password during authentication - 'Verify no password hashes in the /etc/security/passwd'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'Verify no password hashes in /etc/passwd'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN000595 - The password hashes must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/shadow'DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

IDENTIFICATION AND AUTHENTICATION

GEN000740 - All non-interactive/automated processing account passwords must be changed at least once per year or be locked.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

IDENTIFICATION AND AUTHENTICATION

GEN000800 - The system must prohibit the reuse of passwords within five iterations.DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN002000 - There must be no .netrc files on the system.DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN003850 - The telnet daemon must not be running.DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

GEN008050 - The /etc/ldap.conf file (or equivalent) must not contain passwords - 'ldapsslkeypwd: is not unencrypted'DISA STIG AIX 6.1 v1r14Unix

IDENTIFICATION AND AUTHENTICATION

MADB-10-003750 - If MariaDB authentication using passwords is employed, MariaDB must enforce the DOD standards for password lifetime.DISA MariaDB Enterprise 10.x v2r3 DBMySQLDB

IDENTIFICATION AND AUTHENTICATION

RHEL-09-611065 - RHEL 9 must enforce password complexity by requiring that at least one lowercase character be used.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-09-611090 - RHEL 9 passwords must be created with a minimum of 15 characters.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-09-611115 - RHEL 9 must require the change of at least eight characters when passwords are changed.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-24-400310 - Ubuntu 24.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-24-400320 - Ubuntu 24.04 LTS must enforce a minimum 15-character password length.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

VCSA-80-000069 - The vCenter Server passwords must be at least 15 characters in length.DISA VMware vSphere 8.0 vCenter STIG v2r2VMware

IDENTIFICATION AND AUTHENTICATION