Item Search

Name	Audit Name	Plugin	Category
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictive	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.2.23 Ensure that the --service-account-lookup argument is set to true	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master	Unix	ACCESS CONTROL, MEDIA PROTECTION
2.2 Verify world writable directories provide unlink() protection	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.9 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'	MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.11 Ensure 'Allow Handoff' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'	AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.5 Ensure that the --peer-client-cert-auth argument is set to true	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master	Unix	ACCESS CONTROL, MEDIA PROTECTION
2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'	AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.9 Ensure 'Trustworthy' Database Property is set to 'Off'	CIS SQL Server 2016 Database L1 DB v1.4.0	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases	CIS SQL Server 2017 Database L1 AWS RDS v1.3.0	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases	CIS SQL Server 2022 Database L1 AWS RDS v1.1.0	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.1 Ensure 'Allow screenshots and screen recording' is set to 'Disabled'	MobileIron - CIS Apple iOS 17 Institution Owned L2	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	AirWatch - CIS Apple iOS 17 Institution Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.9 CDE - /etc/dt/config/Xconfig permissions and ownership - /etc/dt/config/Xconfig permissions and ownership	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.6.2.2 /etc/mail/sendmail.cf - permissions and ownership	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	AirWatch - CIS Apple iOS 17 Institution Owned L2	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.7.2.1 crontab entries - owned by userid - owned by userid	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.2.5 /etc/inetd.conf	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.2.14 /var/tmp/dpid2.log	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.1.3 If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictive	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.2.4 Ensure permissions on all logfiles are configured	CIS Debian 8 Workstation L1 v2.0.2	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.4 Restrict access to Tomcat logs directory	CIS Apache Tomcat 10 L1 v1.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.7 Restrict access to Tomcat web application directory	CIS Apache Tomcat 9 L1 v1.2.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.7 Restrict access to Tomcat web application directory	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.8 Restrict access to Tomcat catalina.properties	CIS Apache Tomcat 10 L1 v1.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.8 Restrict access to Tomcat catalina.properties	CIS Apache Tomcat 10 L1 v1.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.11 Restrict access to Tomcat logging.properties	CIS Apache Tomcat 10 L1 v1.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.12 Restrict access to Tomcat server.xml	CIS Apache Tomcat 10 L1 v1.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.13 Restrict access to Tomcat tomcat-users.xml	CIS Apache Tomcat 10 L1 v1.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.13 Restrict access to Tomcat tomcat-users.xml	CIS Apache Tomcat 10 L1 v1.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.1.1 Ensure Home Folders Are Secure	CIS Apple macOS 11.0 Big Sur v4.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.1.6 Ensure No World Writable Files Exist in the Library Folder	CIS Apple macOS 10.15 Catalina v3.0.0 L2	Unix	ACCESS CONTROL, MEDIA PROTECTION
7.4 Ensure directory in context.xml is a secure location - configuration	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
7.4 Ensure directory in context.xml is a secure location - permissions	CIS Apache Tomcat 9 L1 v1.2.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
7.5 Ensure No Users Have Wildcard Hostnames	CIS MariaDB 10.6 Database L1 v1.1.0	MySQLDB	ACCESS CONTROL, MEDIA PROTECTION
8.1 Restrict runtime access to sensitive packages	CIS Apache Tomcat 10 L1 v1.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
DG0008-ORACLE11 - Application objects should be owned by accounts authorized for ownership.	DISA STIG Oracle 11 Instance v9r1 Database	OracleDB	ACCESS CONTROL
DG0051-ORACLE11 - Database job/batch queues should be reviewed regularly to detect unauthorized database job submissions - 'max_job_slave_processes limit is set'	DISA STIG Oracle 11 Instance v9r1 Database	OracleDB	ACCESS CONTROL
DG0085-ORACLE11 - The DBA role should not be assigned excessive or unauthorized privileges.	DISA STIG Oracle 11 Instance v9r1 Database	OracleDB	ACCESS CONTROL
DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle install account is not a member of the oracle group'	DISA STIG Oracle 11 Installation v9r1 Linux	Unix	ACCESS CONTROL

Detections

Analytics

Item Search