2.6.7 Monitor Location Services Access - evaluate application | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.1 Ensure that an account-level network policy has been configured to only allow access from trusted IP addresses | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.1.3.5 Ensure events that modify the system's network environment are collected | CIS CentOS Linux 8 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.3.5 Ensure events that modify the system's network environment are collected | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.2 Enable "Show Wi-Fi status in menu bar" | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
4.3.8 Ensure nftables default deny firewall policy | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.3.8 Ensure nftables default deny firewall policy | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.3.8 Ensure nftables default deny firewall policy | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.5 Ensure events that modify the system's network environment are collected | CIS Rocky Linux 8 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
6.3.3.5 Ensure events that modify the system's network environment are collected | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
11.02 AMM - 'Monitor AMM' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.9 (L1) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
AIOS-16-707400 - The Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
AIOS-16-707400 - The Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | CONFIGURATION MANAGEMENT |
AIOS-17-707400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
GEN000950 - The root account's list of preloaded libraries must be empty. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
GEN000950 - The root account's list of preloaded libraries must be empty. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
GEN000950 - The root account's list of preloaded libraries must be empty. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
GEN000950-ESXI5-444 - The root accounts list of preloaded libraries must be empty. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION |
Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION |
RHEL-07-030580 - The Red Hat Enterprise Linux operating system must audit all uses of the chcon command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
RHEL-07-030660 - The Red Hat Enterprise Linux operating system must audit all uses of the chage command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
RHEL-07-030770 - The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
SOL-11.1-040260 - The default umask for FTP users must be 077. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
SPLK-CL-000160 - Splunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity - at a minimum when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
vCenter : monitor-admin-assignment | VMWare vSphere 5.X Hardening Guide | VMware | |