Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.3 Ensure a customer created Customer Master Key (CMK) is created for the Database-TierCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

ACCESS CONTROL

1.11 Ensure Web Tier ELB is using HTTPS listenerCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

IDENTIFICATION AND AUTHENTICATION

1.16 Ensure all S3 buckets have policy to require server-side and in transit encryption for all objects stored in bucket.CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Disable Bluetooth, if no paired devices existCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix
2.1.1 Disable Bluetooth, if no paired devices exist - Bluetooth is disabledCIS Apple OSX 10.11 El Capitan L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

2.1.1 Disable Bluetooth, if no paired devices exist - Bluetooth is pairedCIS Apple OSX 10.11 El Capitan L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

2.8 Ensure monitoring and alerting exists for new share exposuresCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

3.1 Ensure each Auto-Scaling Group has an associated Elastic Load BalancerCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

CONFIGURATION MANAGEMENT

3.7 Ensure Relational Database Service backup retention policy is setCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

CONTINGENCY PLANNING

3.13 Ensure all CloudFront Distributions require HTTPS between CloudFront and your Web-Tier ELB originCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling GroupsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure a SNS topic is created for sending out notifications from RDS eventsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

5.1 Ensure all resources are correctly taggedCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

CONFIGURATION MANAGEMENT

5.2 Ensure AWS Elastic Load Balancer logging is enabledCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

AUDIT AND ACCOUNTABILITY

6.2 Ensure a DNS alias record for the root domainCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.6 Ensure subnets for the Web tier are createdCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.15 Ensure Routing Table associated with App tier subnet have the default route (0.0.0.0/0) defined to allow connectivityCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.28 Ensure EC2 instances within App Tier have no Elastic / Public IP addresses associatedCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Disable Accounts after 35 Days of InactivityNIST macOS Big Sur v1.4.0 - 800-171Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Big Sur - Disable Accounts after 35 Days of InactivityNIST macOS Big Sur v1.4.0 - All ProfilesUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Big Sur - Disable Accounts after 35 Days of InactivityNIST macOS Big Sur v1.4.0 - CNSSI 1253Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Accounts after 35 Days of InactivityNIST macOS Catalina v1.5.0 - 800-53r5 HighUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Accounts after 35 Days of InactivityNIST macOS Catalina v1.5.0 - CNSSI 1253Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

FireEye - AAA LDAP binding user should not be an adminTNS FireEyeFireEye

ACCESS CONTROL

FireEye - AAA user mapping sourceTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - FENet patch updates are applied automaticallyTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - FireEye Web MPS versionTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - Greylist URL listTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

FireEye - Inline blocking mode configurationTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Inline blocking network whitelistsTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Inline blocking signature policy exceptionsTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Interface configurationTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - IPMI is enabledTNS FireEyeFireEye

CONFIGURATION MANAGEMENT

FireEye - List patchesTNS FireEyeFireEye

SYSTEM AND INFORMATION INTEGRITY

FireEye - Login bannerTNS FireEyeFireEye

ACCESS CONTROL

FireEye - Usernames admin listTNS FireEyeFireEye

ACCESS CONTROL

FireEye - Usernames listTNS FireEyeFireEye

ACCESS CONTROL

FireEye - Workorder statsTNS FireEyeFireEye

AUDIT AND ACCOUNTABILITY

Monterey - Disable Accounts after 35 Days of InactivityNIST macOS Monterey v1.0.0 - 800-171Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Monterey - Disable Accounts after 35 Days of InactivityNIST macOS Monterey v1.0.0 - 800-53r4 LowUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Monterey - Disable Accounts after 35 Days of InactivityNIST macOS Monterey v1.0.0 - CNSSI 1253Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

RHEL-06-000285 - The system must have a host-based intrusion detection tool installed - MFEhiplsmDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Forwarding HostDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Review ProxiesDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - InternalDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000660 - Symantec ProxySG providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND INFORMATION INTEGRITY

WBLC-02-000069 - Oracle WebLogic must generate audit records for the DoD-selected list of auditable events - HTTP Access LogOracle WebLogic Server 12c Linux v2r2 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

WBLC-02-000069 - Oracle WebLogic must generate audit records for the DoD-selected list of auditable events.Oracle WebLogic Server 12c Windows v2r2Windows

AUDIT AND ACCOUNTABILITY