Item Search

NameAudit NamePluginCategory
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listCIS Windows 8 L1 v1.0.0Windows

ACCESS CONTROL

2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.2.26 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.11.8 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.3.1 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' - Enabled: Disable driver (recommended)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.11.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL

18.9.11.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

ACCESS CONTROL

18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

ACCESS CONTROL

18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL

18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL

18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

ACCESS CONTROL

18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

ACCESS CONTROL

18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL

20.2 Ensure 'Active Directory AdminSDHolder object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.2 Ensure 'Active Directory AdminSDHolder object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.2 Ensure 'Active Directory AdminSDHolder object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

20.5 Ensure 'Active Directory Domain object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.5 Ensure 'Active Directory Domain object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

20.5 Ensure 'Active Directory Domain object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.7 Ensure 'Active Directory Group Policy objects have proper access control permissions' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

20.7 Ensure 'Active Directory Group Policy objects have proper access control permissions' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

20.7 Ensure 'Active Directory Group Policy objects have proper access control permissions' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

20.8 Ensure 'Active Directory Infrastructure object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.8 Ensure 'Active Directory Infrastructure object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

20.8 Ensure 'Active Directory Infrastructure object is configured with proper audit settings' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

20.15 Ensure 'Data files owned by users must be on a different logical partition from the directory server data files' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.15 Ensure 'Data files owned by users must be on a different logical partition from the directory server data files' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.15 Ensure 'Data files owned by users must be on a different logical partition from the directory server data files' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

AADC-CN-000280 - Adobe Acrobat Pro DC Continuous access to unknown websites must be restricted.DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1Windows

CONFIGURATION MANAGEMENT

AADC-CN-001075 - The Adobe Acrobat Pro DC Continuous latest security-related software updates must be installed.DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1Windows

SYSTEM AND INFORMATION INTEGRITY

ARDC-CL-000120 - Adobe Reader DC must disable Service Upgrades.DISA STIG Adobe Acrobat Reader DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

JUSX-VN-000019 - The Juniper SRX Services Gateway VPN must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts.DISA Juniper SRX Services Gateway VPN v3r1Juniper

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows 10 v1507 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2012 R2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2016 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2016 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.DISA STIG SQL Server 2016 Instance DB Audit v3r4MS_SQLDB

AUDIT AND ACCOUNTABILITY