1.9 Ensure Days of non-use before lock-out is set to 30 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
1.10 Ensure 'Install unknown apps' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
1.10 Ensure 'Install unknown apps' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
1.10.2 Ensure 'logging to monitor' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
1.13 Ensure Allow access again after time is set to 300 or more seconds | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
2.1.1 Ensure 'Login Banner' is set - message banner msgvalue | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
2.1.1 Ensure 'Login Banner' is set - message banner on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
2.1.3 Ensure Core Dump is enabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.5 Ensure unused interfaces are disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Ensure DNS server is configured - tertiary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.10 Ensure DHCP is disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
2.2.2 Ensure SNMP version is set to v3-Only | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
2.2.3 Ensure SNMP traps is enabled - coldStart | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - configurationChange | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - linkUpLinkDown | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - lowDiskSpace | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp active | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server secondary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
2.4.2 Ensure 'Snapshot' is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
2.4.3 Configuring Scheduled Backups | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
2.5.4 Ensure Radius or TACACS+ server is configured - aaa server | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Configure a Default Drop/Cleanup Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
3.3 Use Checkpoint Sections and Titles | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.4 Ensure Hit count is Enable for the rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.10 Ensure Drop Out of State TCP Packets is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
3.11 Ensure Drop Out of State ICMP Packets is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
3.18 Ensure Allow bi-directional NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.19 Ensure Automatic ARP Configuration NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
3.20 Ensure Logging is enabled for Track Options of Global Properties | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
5.3 Ensure a client list is set for SNMPv1/v2 communities | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
OL6-00-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
RHEL-06-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
RHEL-06-000530 - The Red Hat Enterprise Linux operating system must mount /dev/shm with the nodev option. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-021320 - The Red Hat Enterprise Linux operating system must use a separate file system for /var. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-030760 - The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
RHEL-07-040680 - The Red Hat Enterprise Linux operating system must be configured to prevent unrestricted mail relaying. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEV: Administrative Roles | Tenable RedHat Enterprise Virtualization | RHEV | |
RHEV: Roles | Tenable RedHat Enterprise Virtualization | RHEV | |
RHEV: Storage Domains | Tenable RedHat Enterprise Virtualization | RHEV | |
RHEV: Users | Tenable RedHat Enterprise Virtualization | RHEV | |
WPAW-00-000600 - All high-value IT resources must be assigned to a specific administrative tier to separate highly sensitive resources from less sensitive resources. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |