Item Search

NameAudit NamePluginCategory
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or LessCIS Oracle Server 18c DB Traditional Auditing v1.1.0OracleDB

ACCESS CONTROL

2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or LessCIS Oracle Server 18c DB Unified Auditing v1.1.0OracleDB

ACCESS CONTROL

2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or LessCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or LessCIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'CIS Oracle Server 18c DB Unified Auditing v1.1.0OracleDB

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'CIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'CIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 18c DB Traditional Auditing v1.1.0OracleDB

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 18c DB Unified Auditing v1.1.0OracleDB

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'CIS Oracle Server 18c DB Traditional Auditing v1.1.0OracleDB

ACCESS CONTROL

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'CIS Oracle Server 18c DB Unified Auditing v1.1.0OracleDB

ACCESS CONTROL

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'CIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'CIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'CIS Oracle Server 18c DB Unified Auditing v1.1.0OracleDB

ACCESS CONTROL

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

4.4.1 Ensure custom authselect profile is usedCIS Amazon Linux 2023 Server L1 v1.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS Rocky Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS Red Hat EL8 Server L1 v3.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS Rocky Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS Oracle Linux 8 Workstation L1 v3.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

4.4.2.1 Ensure active authselect profile includes pam modulesCIS Red Hat EL8 Workstation L1 v3.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.2.1 Ensure Password Account Lockout Threshold Is ConfiguredCIS Apple macOS 11.0 Big Sur v4.0.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configuredCIS Debian 9 Workstation L1 v1.0.1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.soCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.soCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.soCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.soCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.soCIS Debian Family Workstation L1 v1.0.0Unix

ACCESS CONTROL

5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900'CIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.2 Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900'CIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.2 Lockout for failed password attempts - 'auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900'CIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.2 Lockout for failed password attempts - 'auth sufficient pam_unix.so'CIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900'CIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.2.1 Ensure active authselect profile includes pam modulesCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.3.2.1 Ensure active authselect profile includes pam modulesCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.3.2.1 Ensure active authselect profile includes pam modulesCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.3.2.1 Ensure active authselect profile includes pam modulesCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.3.2.1 Ensure active authselect profile includes pam modulesCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.4.1 Ensure custom authselect profile is usedCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.4.1 Ensure custom authselect profile is usedCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

5.4.1 Ensure custom authselect profile is usedCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

6.3.2 Set Lockout for Failed Password Attempts - auth required pam_tally2.so deny=5 onerr=failCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshdCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

7.3 Disable the dnssec-accept-expired OptionCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

ACCESS CONTROL

7.3 Disable the dnssec-accept-expired OptionCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

ACCESS CONTROL