Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Secure Login and Telnet Disabling - Enable SSH serverTenable ZTE ROSNGZTE_ROSNG

CONFIGURATION MANAGEMENT

1.2 Password Security Policy - a) The default password length shouldn't be below 8 charactersTenable ZTE ROSNGZTE_ROSNG

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - e) Check for strong-password max-lengthTenable ZTE ROSNGZTE_ROSNG

IDENTIFICATION AND AUTHENTICATION

1.2.2.1 Configure 'Point and Print Restrictions'CIS Windows 8 L1 v1.0.0Windows

CONFIGURATION MANAGEMENT

1.5 FTP/SFTP Access Authorization - login-type-allowedTenable ZTE ROSNGZTE_ROSNG

CONFIGURATION MANAGEMENT

3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-keyTenable ZTE ROSNGZTE_ROSNG

IDENTIFICATION AND AUTHENTICATION

3.2 Authentication and Verification of ISIS Routing Protocols - authentication-type hmac-md5Tenable ZTE ROSNGZTE_ROSNG

IDENTIFICATION AND AUTHENTICATION

4.2.1.5 Ensure rsyslog is not configured to receive logs from a remote clientCIS Debian 9 Server L1 v1.0.1Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote clientCIS Debian Family Workstation L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

5.6.1 Enable Customer-Managed Encryption Keys (CMEK) for GKE Persistent Disks (PD)CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.10.5 Enable Security PostureCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT

6.1.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.1.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Debian Linux 12 v1.1.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.2 Ensure systemd-journal-upload authentication is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS SUSE Linux Enterprise 15 v2.0.1 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS SUSE Linux Enterprise 15 v2.0.1 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

6.2.2.1.3 Ensure systemd-journal-upload is enabled and activeCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

18.5.8.1 Ensure 'Enable insecure guest logons' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker pathsDISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker servicesDISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-004040 - The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP).DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

SYSTEM AND INFORMATION INTEGRITY

DTAM060 - McAfee VirusScan On-Demand scan log file size must be restricted and be configured to at least 10MB - bLimitSizeDISA McAfee VirusScan 8.8 Managed Client STIG v6r1Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

CONFIGURATION MANAGEMENT

EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

CONFIGURATION MANAGEMENT

First Hop Security - Router Advertisement Guard - Admin StatusTenable Cisco ACICisco_ACI

CONFIGURATION MANAGEMENT

JUEX-NM-000480 - The Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).DISA Juniper EX Series Network Device Management v2r3Juniper

IDENTIFICATION AND AUTHENTICATION

Management Access Policy - HTTPS - SSL Protocols - TLSv1.1Tenable Cisco ACICisco_ACI

SYSTEM AND COMMUNICATIONS PROTECTION

Network Security - Enable the default-address-selection optionJuniper Hardening JunOS 12 Devices ChecklistJuniper

CONFIGURATION MANAGEMENT

Number of changes allowed within the change interval (changes)Tenable Cisco ACICisco_ACI

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Minimum LengthTenable Cisco ACICisco_ACI

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Strength Test TypeTenable Cisco ACICisco_ACI

IDENTIFICATION AND AUTHENTICATION

Policies - Pod - Date and Time Policy - Administrative StateTenable Cisco ACICisco_ACI
Policies - Pod - Date and Time Policy - HostTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

SNMP Destination - VersionTenable Cisco ACICisco_ACI

CONFIGURATION MANAGEMENT

Syslog Remote Destination - HostTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

System Alias and Banners - Controller CLI BannerTenable Cisco ACICisco_ACI

ACCESS CONTROL

WN16-SO-000390 - Windows Server 2016 must be configured to at least negotiate signing for LDAP client signing.DISA Microsoft Windows Server 2016 STIG v2r10Windows

CONFIGURATION MANAGEMENT

WN19-CC-000360 - Windows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connection.DISA Microsoft Windows Server 2019 STIG v3r4Windows

IDENTIFICATION AND AUTHENTICATION

WN19-SO-000320 - Windows Server 2019 must be configured to at least negotiate signing for LDAP client signing.DISA Microsoft Windows Server 2019 STIG v3r4Windows

CONFIGURATION MANAGEMENT

WN22-CC-000360 - Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connection.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION