Item Search

Name	Audit Name	Plugin	Category
1.1.5 Ensure 'Password Policy' is enabled	CIS Cisco ASA 9.x Firewall L1 v1.1.0	Cisco	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
1.10 Do not create access keys during initial setup for IAM users with a console password	CIS Amazon Web Services Foundations v5.0.0 L1	amazon_aws	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.7 Ensure that a unique Certificate Authority is used for etcd	CIS Kubernetes v1.10.0 L2 Master	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.7 Ensure that a unique Certificate Authority is used for etcd	CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.7 Ensure that a unique Certificate Authority is used for etcd	CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.7 Ensure that a unique Certificate Authority is used for etcd	CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles	CIS Microsoft 365 Foundations v5.0.0 L2 E5	microsoft_azure	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
5.3.4 (L1) Ensure approval is required for Global Administrator role activation	CIS Microsoft 365 Foundations v5.0.0 L1 E5	microsoft_azure	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
5.3.5 (L1) Ensure approval is required for Privileged Role Administrator activation	CIS Microsoft 365 Foundations v5.0.0 L1 E5	microsoft_azure	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
6.2.15 Ensure all groups in /etc/passwd exist in /etc/group	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
6.2.15 Ensure all groups in /etc/passwd exist in /etc/group	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
6.2.15 Ensure all groups in /etc/passwd exist in /etc/group	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
6.12 Ensure that 'User consent for applications' is set to 'Do not allow user consent'	CIS Microsoft Azure Foundations v4.0.0 L1	microsoft_azure	ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION
6.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'	CIS Microsoft Azure Foundations v4.0.0 L2	microsoft_azure	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
6.25 Ensure that 'Subscription leaving Microsoft Entra tenant' and 'Subscription entering Microsoft Entra tenant' is set to 'Permit no one'	CIS Microsoft Azure Foundations v4.0.0 L2	microsoft_azure	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
Big Sur - Disable Accounts after 35 Days of Inactivity	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Big Sur - Disable Accounts after 35 Days of Inactivity	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Big Sur - Disable Accounts after 35 Days of Inactivity	NIST macOS Big Sur v1.4.0 - 800-53r4 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Big Sur - Disable Accounts after 35 Days of Inactivity	NIST macOS Big Sur v1.4.0 - 800-53r4 Low	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Big Sur - Disable Accounts after 35 Days of Inactivity	NIST macOS Big Sur v1.4.0 - 800-53r5 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Catalina - Disable Accounts after 35 Days of Inactivity	NIST macOS Catalina v1.5.0 - 800-171	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Catalina - Disable Accounts after 35 Days of Inactivity	NIST macOS Catalina v1.5.0 - All Profiles	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Catalina - Disable Accounts after 35 Days of Inactivity	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Catalina - Disable Accounts after 35 Days of Inactivity	NIST macOS Catalina v1.5.0 - 800-53r4 Low	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Catalina - Disable Accounts after 35 Days of Inactivity	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
F5BI-DM-000227 - The BIG-IP appliance must be configured to dynamically manage user accounts.	DISA F5 BIG-IP Device Management STIG v2r4	F5	CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION
Monterey - Disable Accounts after 35 Days of Inactivity	NIST macOS Monterey v1.0.0 - 800-53r4 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Monterey - Disable Accounts after 35 Days of Inactivity	NIST macOS Monterey v1.0.0 - 800-53r5 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Monterey - Disable Accounts after 35 Days of Inactivity	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
Monterey - Disable Accounts after 35 Days of Inactivity	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
MS.AAD.1.1v1 - Legacy authentication SHALL be blocked.	CISA SCuBA Microsoft 365 Entra ID v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.	CISA SCuBA Microsoft 365 Entra ID v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY
MS.AAD.3.3v1 - If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.	CISA SCuBA Microsoft 365 Entra ID v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY
MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.	CISA SCuBA Microsoft 365 Defender v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.EXO.4.3v1 - The DMARC point of contact for aggregate reports SHALL include `[email protected]`.	CISA SCuBA Microsoft 365 Exchange Online v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
MS.EXO.4.4v1 - An agency point of contact SHOULD be included for aggregate and failure reports.	CISA SCuBA Microsoft 365 Exchange Online v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
MS.EXO.16.1v1 - At a minimum, the following alerts SHALL be enabled:	CISA SCuBA Microsoft 365 Exchange Online v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.5.2v1 - Agencies SHOULD only allow installation of third-party apps approved by the agency.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.5.3v1 - Agencies SHOULD only allow installation of custom apps approved by the agency.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII)	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search