Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.5.5 (L1) Ensure 'Locked' is set to 'Enabled'CIS Mozilla Firefox ESR GPO v1.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.18 Ensure that all expired SSL/TLS certificates stored in AWS IAM are removedCIS Amazon Web Services Foundations v5.0.0 L1amazon_aws

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

2.1.3 Ensure all data in Amazon S3 has been discovered, classified, and secured when necessaryCIS Amazon Web Services Foundations v5.0.0 L2amazon_aws

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.1 (L1) Ensure DLP policies are enabledCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.1 (L1) Ensure DLP policies are enabledCIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.2 (L1) Ensure DLP policies are enabled for Microsoft TeamsCIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.11 Establish retention set size for backups - 'num_db_backups <= 100'CIS IBM DB2 OS L2 v1.2.0Unix

CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higherCIS Snowflake Foundations v1.0.0 L2Snowflake

AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

4.8 Ensure that the PREVENT_UNLOAD_TO_INLINE_URL account parameter is set to trueCIS Snowflake Foundations v1.0.0 L1Snowflake

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.11.36.4.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

4.11.36.4.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

7.4 Ensure all data in BigQuery has been classifiedCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

8.6.1 (L2) Ensure nonpersistent disks are limitedCIS VMware ESXi 7.0 v1.4.0 L2VMware

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY

8.6.1 Ensure nonpersistent disks are limitedCIS VMware ESXi 6.7 v1.3.0 Level 2VMware

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY

9.3.1 Ensure that the Expiration Date is set for all Keys in RBAC Key VaultsCIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

9.3.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults.CIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

9.3.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key VaultsCIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

9.3.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key VaultsCIS Microsoft Azure Foundations v4.0.0 L1microsoft_azure

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.4.2v1 - The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.4.3v1 - The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.4.6v1 - The custom policy SHOULD include an action to block access to sensitiveCISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.6.2v1 - Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.6.3v1 - Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.8.1v2 - A DLP solution SHALL be used.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.8.3v1 - The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.8.4v1 - At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.13.1v1 - Mailbox auditing SHALL be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, INCIDENT RESPONSE, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.2.2v1 - File and folder default sharing permissions SHALL be set to View.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.1v1 - Expiration days for Anyone links SHALL be set to 30 days or less.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.2v1 - The allowable file and folder permissions for links SHALL be set to View only.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.SHAREPOINT.3.3v1 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII)CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY