Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.16 Ensure that the --secure-port argument is not set to 0CIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.5 Ensure that the --root-ca-file argument is set as appropriateCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables sha1 hash and signature supportCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.10.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'CIS Microsoft Edge v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Require Client-Side Certificates (X.509)CIS MariaDB 10.6 Database L2 v1.1.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.11 Ensure that the --rotate-certificates argument is not set to falseCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS SUSE Linux Enterprise 15 v2.0.1 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.10 DB2AUTH Registry VariableCIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure bidirectional CHAP authentication for iSCSI traffic is enabledCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Database Backups are EncryptedCIS SQL Server 2022 Database L2 DB v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.10 Enable TLS Communication Between HADR Primary and Standby Instances (HADR_SSL_LABEL)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.10 Enable TLS Communication Between HADR Primary and Standby Instances (HADR_SSL_LABEL)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.1 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

GEN003830 - The rlogind service must not be running.DISA STIG AIX 6.1 v1r14Unix

ACCESS CONTROL

GEN005507 - The SSH daemon must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL

GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers.DISA STIG AIX 6.1 v1r14Unix

ACCESS CONTROL

GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL

GEN007980 - If using LDAP for auth or account information, must use a TLS connection using FIPS 140-2 algorithms - 'ssl start_tls'DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL