Item Search

Name	Audit Name	Plugin	Category
1.1.37 (L1) Ensure 'Maximum SSL version enabled' is set to 'Enabled: TLS 1.3'	CIS Mozilla Firefox ESR GPO v1.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.5 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.11.55.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Intune for Windows 10 v3.0.1 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.11.55.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v3.0.1 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.11.55.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v3.0.1 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.10 Ensure the upstream traffic server certificate is trusted	CIS NGINX Benchmark v2.1.0 L2 Loadbalancer	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.12 Ensure session resumption is disabled to enable perfect forward security	CIS NGINX Benchmark v2.1.0 L2 Proxy	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.13 Ensure HTTP/2.0 is used	CIS NGINX Benchmark v2.1.0 L2 Webserver	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.2 Ensure Weak Protocols are Disabled	CIS MongoDB 7 v1.1.0 L1 MongoDB	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.2.6 Ensure sshd Ciphers are configured	CIS Oracle Linux 7 v4.0.0 L1 Workstation	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.4 Set Security TLS Version Maximum	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.4.1 (L1) Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.102.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.88.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
45.25 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send LM and NTLMv2 responses only. Refuse LM and NTLM'	CIS Microsoft Intune for Windows 10 v3.0.1 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
GEN005512 - The SSH client must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms.	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit	Unix	ACCESS CONTROL
GEN007980 - If using LDAP for auth or account information, must use a TLS connection using FIPS 140-2 approved algorithms - 'tls_ciphers'	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit	Unix	ACCESS CONTROL

Detections

Analytics

Item Search