Item Search

NameAudit NamePluginCategory
1.9 Ensure Days of non-use before lock-out is set to 30CIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

1.10 Ensure 'Install unknown apps' is set to 'Disabled'AirWatch - CIS Google Android v1.3.0 L1MDM

CONFIGURATION MANAGEMENT

1.10 Ensure 'Install unknown apps' is set to 'Disabled'MobileIron - CIS Google Android v1.3.0 L1MDM

CONFIGURATION MANAGEMENT

1.10.2 Ensure 'logging to monitor' is disabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.13 Ensure Allow access again after time is set to 300 or more secondsCIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

2.1.1 Ensure 'Login Banner' is set - message banner msgvalueCIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

2.1.1 Ensure 'Login Banner' is set - message banner onCIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

2.1.3 Ensure Core Dump is enabledCIS Check Point Firewall L1 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.5 Ensure unused interfaces are disabledCIS Check Point Firewall L1 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Ensure DNS server is configured - tertiaryCIS Check Point Firewall L1 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.10 Ensure DHCP is disabledCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

2.2.2 Ensure SNMP version is set to v3-OnlyCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

2.2.3 Ensure SNMP traps is enabled - coldStartCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.2.3 Ensure SNMP traps is enabled - configurationChangeCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.2.3 Ensure SNMP traps is enabled - linkUpLinkDownCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.2.3 Ensure SNMP traps is enabled - lowDiskSpaceCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp activeCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server secondaryCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

2.4.2 Ensure 'Snapshot' is setCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

2.4.3 Configuring Scheduled BackupsCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutesCIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

2.5.4 Ensure Radius or TACACS+ server is configured - aaa serverCIS Check Point Firewall L1 v1.1.0CheckPoint

ACCESS CONTROL

2.5.5 Ensure allowed-client is set to those necessary for device managementCIS Check Point Firewall L2 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Configure a Default Drop/Cleanup RuleCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled'MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally OwnedMDM

CONFIGURATION MANAGEMENT

3.3 Use Checkpoint Sections and TitlesCIS Check Point Firewall L1 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.4 Ensure Hit count is Enable for the rulesCIS Check Point Firewall L2 v1.1.0CheckPoint

SECURITY ASSESSMENT AND AUTHORIZATION

3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall RulesCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall RulesCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall RulesCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.10 Ensure Drop Out of State TCP Packets is enabledCIS Check Point Firewall L2 v1.1.0CheckPoint

SECURITY ASSESSMENT AND AUTHORIZATION

3.11 Ensure Drop Out of State ICMP Packets is enabledCIS Check Point Firewall L2 v1.1.0CheckPoint

SECURITY ASSESSMENT AND AUTHORIZATION

3.18 Ensure Allow bi-directional NAT is enabledCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.19 Ensure Automatic ARP Configuration NAT is enabledCIS Check Point Firewall L2 v1.1.0CheckPoint

CONFIGURATION MANAGEMENT

3.20 Ensure Logging is enabled for Track Options of Global PropertiesCIS Check Point Firewall L1 v1.1.0CheckPoint

AUDIT AND ACCOUNTABILITY

4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1MDM

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

5.3 Ensure a client list is set for SNMPv1/v2 communitiesCIS Juniper OS Benchmark v2.1.0 L1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

OL6-00-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

RHEL-06-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000530 - The Red Hat Enterprise Linux operating system must mount /dev/shm with the nodev option.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-07-021320 - The Red Hat Enterprise Linux operating system must use a separate file system for /var.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-030760 - The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

RHEL-07-040680 - The Red Hat Enterprise Linux operating system must be configured to prevent unrestricted mail relaying.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEV: Administrative RolesTenable RedHat Enterprise VirtualizationRHEV
RHEV: RolesTenable RedHat Enterprise VirtualizationRHEV
RHEV: Storage DomainsTenable RedHat Enterprise VirtualizationRHEV
RHEV: UsersTenable RedHat Enterprise VirtualizationRHEV
WPAW-00-000600 - All high-value IT resources must be assigned to a specific administrative tier to separate highly sensitive resources from less sensitive resources.DISA MS Windows Privileged Access Workstation v3r1Windows

CONFIGURATION MANAGEMENT