Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3 Ensure noexec option set on /tmp partitionCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure removable media partitions include noexec optionCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.22 Ensure nosuid option set on removable media partitionsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.4.3 Ensure authentication required for single user modeCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.4 Ensure prelink is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1.2 Ensure SELinux is not disabled in bootloader configurationCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.6.1.4 Ensure the SELinux mode is enforcing or permissiveCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure xinetd is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.1.3 Ensure ntp is configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

2.2.4 Ensure CUPS is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.14 Ensure NIS server is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.16 Ensure mail transfer agent is configured for local-only modeCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure rpcbind is not installed or the rpcbind services are maskedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2CIS Solaris 11.1 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.5 Ensure suspicious packets are loggedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

3.3.9 Ensure TCP SYN Cookies is enabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.5.1.2 Ensure iptables-services not installed with firewalldCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.3 Ensure nftables either not installed or masked with firewalldCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.2 Ensure firewalld is either not installed or masked with nftablesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.5 Ensure an nftables table existsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.8 Ensure nftables outbound and established connections are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.11 Ensure nftables rules are permanentCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.3 Ensure firewalld is either not installed or masked with iptablesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.3 Ensure iptables rules exist for all open portsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.3 Ensure ip6tables firewall rules exist for all open portsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.6 Ensure ip6tables is enabled and runningCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictiveCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.2.1.3 Ensure rsyslog default file permissions configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.2.1.5 Ensure rsyslog is configured to send logs to a remote log hostCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.2.1 Ensure journald is configured to send logs to rsyslogCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.5 Ensure permissions on /etc/cron.weekly are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.3.13 Ensure SSH PermitEmptyPasswords is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.14 Ensure SSH PermitUserEnvironment is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.15 Ensure only strong Ciphers are usedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.21 Ensure SSH warning banner is configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.7 Ensure that the EC2 Metadata Service only allows IMDSv2CIS Amazon Web Services Foundations v5.0.0 L1amazon_aws

CONFIGURATION MANAGEMENT

6.2.9 Ensure root is the only UID 0 accountCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.12 Ensure users own their home directoriesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.4.1 Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

CONFIGURATION MANAGEMENT

18.6.4.1 Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.6.4.2 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks'CIS Microsoft Windows Server 2019 v4.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.10.79.1 (L1) Ensure 'Enable ESS with Supported Peripherals' is set to 'Enabled: 1'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA Cisco IOS XR Router NDM STIG v3r3Cisco

MAINTENANCE

MYS8-00-006200 - The MySQL Database Server 8.0 must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.DISA STIG SQL Server 2016 Instance OS Audit v3r4Windows

SYSTEM AND COMMUNICATIONS PROTECTION