Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.3 Do not use development tools in productionCIS Docker 1.6 v1.0.0 L1 LinuxUnix

CONFIGURATION MANAGEMENT

1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.11 Benchmark v1.3.0 L2Unix
1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.13 Benchmark v1.4.1 L2Unix
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2Unix
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.8 Benchmark v1.2.0 L2Unix
1.7 Ensure MariaDB is Run Under a Sandbox EnvironmentCIS MariaDB 10.6 on Linux L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Ensure MySQL is Run Under a Sandbox EnvironmentCIS MySQL 8.0 Community Linux OS L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Ensure MySQL is Run Under a Sandbox EnvironmentCIS Oracle MySQL Community Server 8.4 v1.0.0 L2 OS LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Ensure MySQL is Run Under a Sandbox EnvironmentCIS MySQL 8.0 Enterprise Linux OS L2 v1.4.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Ensure MySQL is Run Under a Sandbox EnvironmentCIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL OS LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.3 Verify Display Sleep is set to a value larger than the Screen SaverCIS Apple OSX 10.11 El Capitan L1 v1.1.0Unix

ACCESS CONTROL

2.3.3 Verify Display Sleep is set to a value larger than the Screen SaverCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all ProtocolsCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Include TSIG key in named.conf 'TSIG key 1 permissions'CIS ISC BIND 9.0/9.5 v2.0.0Unix
3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions'CIS ISC BIND 9.0/9.5 v2.0.0Unix
3.6 Implement DNSSEC 'INCLUDE'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.3.2.9 Ensure mrouted is not in useCIS IBM AIX 7 v1.0.0 L2Unix

CONFIGURATION MANAGEMENT

4.5 Configure Solaris Auditing - active audit policiesCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - active non-attributable audit flagsCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - active user default audit flagsCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - audit condition=auditingCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - configured audit policiesCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - configured non-attributable audit flagsCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - configured user default audit flagsCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - not_terminatedCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - p_minfreeCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - PluginCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

4.5 Configure Solaris Auditing - userattr audit_flags rootCIS Solaris 11.2 L1 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

CIS FreeBSD Benchmark v1.0.5CIS FreeBSD v1.0.5Unix
CIS_Aliyun_Linux_2_L1_v1.0.0.audit from CIS Aliyun Linux 2 Benchmark v1.0.0CIS Aliyun Linux 2 L1 v1.0.0Unix
CIS_Aliyun_Linux_2_L2_v1.0.0.audit from CIS Aliyun Linux 2 Benchmark v1.0.0CIS Aliyun Linux 2 L2 v1.0.0Unix
CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0Palo_Alto
CIS_Palo_Alto_Firewall_9_Benchmark_v1.1.0_L1.audit from CIS Palo Alto Firewall 9 Benchmark v1.1.0CIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto
CIS_Palo_Alto_Firewall_9_Benchmark_v1.1.0_L2.audit from CIS Palo Alto Firewall 9 Benchmark v1.1.0CIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto
CIS_Palo_Alto_Firewall_10_Benchmark_v1.2.0_L1.audit from CIS Palo Alto Firewall 10 Benchmark v1.2.0CIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto
CIS_Palo_Alto_Firewall_10_Benchmark_v1.2.0_L2.audit from CIS Palo Alto Firewall 10 Benchmark v1.2.0CIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto
CIS_Palo_Alto_Firewall_11_Benchmark_v1.1.0_L1.audit from CIS Palo Alto Firewall 11 Benchmark v1.1.0CIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto
CIS_Palo_Alto_Firewall_11_Benchmark_v1.1.0_L2.audit from CIS Palo Alto Firewall 11 Benchmark v1.1.0CIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto
DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-002160 - Docker Enterprise incoming container traffic must be bound to a specific host interface.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

ACCESS CONTROL

DKER-EE-005060 - Docker Swarm must have the minimum number of manager nodes.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-005070 - Docker Enterprise Swarm manager auto-lock key must be rotated periodically.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-005180 - Docker Enterprise docker.service file permissions must be set to 644 or more restrictive.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

ACCESS CONTROL