Item Search

NameAudit NamePluginCategory
2.6.7 Monitor Location Services Access - evaluate applicationCIS Apple macOS 10.12 L2 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.1 Ensure that an account-level network policy has been configured to only allow access from trusted IP addressesCIS Snowflake Foundations v1.0.0 L2Snowflake

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.3.5 Ensure events that modify the system's network environment are collectedCIS CentOS Linux 8 Server L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.3.5 Ensure events that modify the system's network environment are collectedCIS CentOS Linux 8 Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.2 Enable "Show Wi-Fi status in menu bar"CIS Apple OSX 10.9 L1 v1.3.0Unix

CONFIGURATION MANAGEMENT

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1MDM

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1MDM

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM
4.3.8 Ensure nftables default deny firewall policyCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.8 Ensure nftables default deny firewall policyCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.8 Ensure nftables default deny firewall policyCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'MobileIron - CIS Apple iOS 17 Institution Owned L1MDM

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Oracle Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Oracle Linux 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Rocky Linux 8 Workstation L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Red Hat EL8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Oracle Linux 8 Server L2 v3.0.0Unix

AUDIT AND ACCOUNTABILITY

5.2.3.5 Ensure events that modify the system's network environment are collectedCIS Rocky Linux 8 Server L2 v2.0.0Unix

AUDIT AND ACCOUNTABILITY

6.3.3.5 Ensure events that modify the system's network environment are collectedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

11.02 AMM - 'Monitor AMM'CIS v1.1.0 Oracle 11g OS Windows Level 1Windows
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.9 (L1) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

AIOS-16-707400 - The Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics:AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1MDM

CONFIGURATION MANAGEMENT

AIOS-16-707400 - The Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics:MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1MDM

CONFIGURATION MANAGEMENT

AIOS-17-707400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics:AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1MDM

CONFIGURATION MANAGEMENT

DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

GEN000950 - The root account's list of preloaded libraries must be empty.DISA STIG AIX 5.3 v1r2Unix

CONFIGURATION MANAGEMENT

GEN000950 - The root account's list of preloaded libraries must be empty.DISA STIG AIX 6.1 v1r14Unix

CONFIGURATION MANAGEMENT

GEN000950 - The root account's list of preloaded libraries must be empty.DISA STIG Solaris 10 X86 v2r4Unix

CONFIGURATION MANAGEMENT

GEN000950-ESXI5-444 - The root accounts list of preloaded libraries must be empty.DISA STIG VMWare ESXi Server 5 STIG v2r1VMware

CONFIGURATION MANAGEMENT

Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesMSCT Windows 11 v1.0.0Windows

MEDIA PROTECTION

Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactiveMSCT Windows 11 v1.0.0Windows

MEDIA PROTECTION

RHEL-07-030580 - The Red Hat Enterprise Linux operating system must audit all uses of the chcon command.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

RHEL-07-030660 - The Red Hat Enterprise Linux operating system must audit all uses of the chage command.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

RHEL-07-030770 - The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

IDENTIFICATION AND AUTHENTICATION

SOL-11.1-040260 - The default umask for FTP users must be 077.DISA STIG Solaris 11 SPARC v3r1Unix

CONFIGURATION MANAGEMENT

SPLK-CL-000160 - Splunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity - at a minimum when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST APISplunk

AUDIT AND ACCOUNTABILITY

vCenter : monitor-admin-assignmentVMWare vSphere 5.X Hardening GuideVMware