Detections
Analytics

Item Search

NameAudit NamePluginCategory
F5BI-DM-000263 - The BIG-IP appliance must be configured to use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B.DISA F5 BIG-IP Device Management STIG v2r4F5

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

GEN006480 - The system must have a host-based intrusion detection tool installed.DISA STIG for Oracle Linux 5 v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

MS.AAD.3.1v1 - Phishing-resistant MFA SHALL be enforced for all users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.3v1 - An admin consent workflow SHALL be configured for applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.5.4v1 - Group owners SHALL NOT be allowed to consent to applications.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.1v1 - A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.4v1 - Permanent active role assignments SHALL NOT be allowed for highly privileged roles.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.6v1 - Activation of the Global Administrator role SHALL require approval.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.7v1 - Eligible and Active highly privileged role assignments SHALL trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.8v1 - User activation of the Global Administrator role SHALL trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.7.9v1 - User activation of other highly privileged roles SHOULD trigger an alert.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.8.2v1 - Only users with the Guest Inviter role SHOULD be able to invite guest users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

MS.AAD.8.3v1 - Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.1.1v1 - The standard and strict preset security policies SHALL be enabled.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.1.2v1 - All users SHALL be added to Exchange Online Protection (EOP) in either the standard or strict preset security policy.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.1.3v1 - All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.1.4v1 - Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.1.5v1 - Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.2.1v1 - User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.2.2v1 - Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.DEFENDER.2.3v1 - Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies.CISA SCuBA Microsoft 365 Defender v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.2.2v2 - An SPF policy SHALL be published for each domain that fails all non-approved senders.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.3.1v1 - DKIM SHOULD be enabled for all domains.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.1v1 - A DMARC policy SHALL be published for every second-level domain.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.2v1 - The DMARC message rejection option SHALL be p=reject.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.7.1v1 - External sender warnings SHALL be implemented.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.9.1v2 - Emails SHALL be filtered by attachment file types.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.9.3v2 - Disallowed file types SHALL be determined and enforced.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.9.4v1 - Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.9.5v1 - At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.10.1v1 - Emails SHALL be scanned for malware.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.10.2v1 - Emails identified as containing malware SHALL be quarantined or dropped.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.10.3v1 - Email scanning SHALL be capable of reviewing emails after delivery.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.11.1v1 - Impersonation protection checks SHOULD be used.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.11.2v1 - User warnings, comparable to the user safety tips included with EOP, SHOULD be displayed.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.11.3v1 - The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.1v2 - A spam filter SHALL be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.2v1 - Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.3v1 - Allowed domains SHALL NOT be added to inbound anti-spam protection policies.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.4v1 - If a third-party party filtering solution is used, the solution SHOULD offer services comparable to the native spam filtering offered by Microsoft.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.15.1v1 - URL comparison with a block-list SHOULD be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.15.2v1 - Direct download links SHOULD be scanned for malware.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.15.3v1 - User click tracking SHOULD be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.2.2v1 - Unmanaged users SHALL NOT be enabled to initiate contact with internal users.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.2.3v1 - Internal users SHOULD NOT be enabled to initiate contact with unmanaged users.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.4.1v1 - Teams email integration SHALL be disabled.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.7.1v1 - Attachments included with Teams messages SHOULD be scanned for malware.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.TEAMS.7.2v1 - Users SHOULD be prevented from opening or downloading files detected as malware.CISA SCuBA Microsoft 365 Teams v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

PANW-NM-000131 - The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B.DISA STIG Palo Alto NDM v3r3Palo_Alto

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

RHEL-07-020019 - The Red Hat Enterprise Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY