Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.4 Set 'login authentication for 'line vty'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL

1.1.5 Set 'login authentication for 'ip http'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL

1.1.5 Set 'login authentication for 'line tty'CIS Cisco IOS 12 L1 v4.0.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.196 RHEL-09-254010CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT IIUnix

CONFIGURATION MANAGEMENT

2.1.3 Ensure 'BGP authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.4.1 Set 'neighbor password'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS SUSE Linux Enterprise 15 v2.0.1 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIGUnix

CONFIGURATION MANAGEMENT

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Ubuntu Linux 20.04 LTS v3.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS Ubuntu Linux 20.04 LTS v3.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.3.11 Ensure ipv6 router advertisements are not acceptedCIS SUSE Linux Enterprise 15 v2.0.1 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.121 - The system does not have a backup administrator accountDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

4.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v4.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeatCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

IDENTIFICATION AND AUTHENTICATION

5.140 - The HBSS McAfee Agent is not installed. - FrameworkServiceDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

6.17 Set Retry Limit for Account LockoutCIS Oracle Solaris 11.4 L1 v1.1.0Unix

ACCESS CONTROL

AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MobileIron - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ARST-RT-000210 - The multicast Rendezvous Point (RP) Arista router must be configured to filter Protocol Independent Multicast (PIM) Register and Join messages received from the Designated Router (DR) for any undesirable multicast groups and sources.DISA Arista MLS EOS 4.X Router STIG v2r2Arista

ACCESS CONTROL

CASA-ND-000490 - The Cisco ASA must be configured to enforce a minimum 15-character password length.DISA STIG Cisco ASA NDM v2r4Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature.DISA STIG Cisco ASA NDM v2r4Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.DISA STIG Cisco ASA NDM v2r4Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access.DISA STIG Cisco ASA NDM v2r4Cisco

AUDIT AND ACCOUNTABILITY

CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0CIS Cisco Firewall v8.x L1 v4.2.0Cisco
CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco Firewall v8.x from CIS Cisco Firewall v8.x Benchmark v4.2.0CIS Cisco Firewall v8.x L1 v4.2.0Cisco
CIS_Cisco_IOS_12_v4.0.0_Level_1.audit for Cisco IOS 12 from CIS Cisco IOS 12 Benchmark v4.0.0CIS Cisco IOS 12 L1 v4.0.0Cisco
CIS_Cisco_IOS_15_v4.1.1_Level_2.audit from CIS Cisco IOS 15 BenchmarkCIS Cisco IOS 15 L2 v4.1.1Cisco
CIS_v4.1.0_Cisco_Firewall_ASA_9_Level_1.audit for Cisco ASA 9 from CIS Cisco Firewall Benchmark v4.1.0CIS Cisco Firewall ASA 9 L1 v4.1.0Cisco
CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.DISA Cisco IOS Switch NDM STIG v3r7Cisco

ACCESS CONTROL

CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes.DISA Cisco IOS XE Switch NDM STIG v3r6Cisco

ACCESS CONTROL

CISC-ND-000580 - The Cisco switch must be configured to enforce password complexity by requiring that at least one lower-case character be used.DISA Cisco NX OS Switch NDM STIG v3r6Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-001030 - The Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.DISA Cisco IOS XE Switch NDM STIG v3r6Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values.DISA Cisco IOS XE Switch RTR STIG v3r4Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

EX13-EG-000190 - The Exchange Sender Reputation filter must be enabled.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND INFORMATION INTEGRITY

Include Refresh in Session RecordsTenable Cisco ACICisco_ACI

AUDIT AND ACCOUNTABILITY

JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - hop-by-hopDISA STIG Juniper Router RTR v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000570 - The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.DISA STIG Juniper Router RTR v3r2Juniper

CONTINGENCY PLANNING

Password Strength Check - EnabledTenable Cisco ACICisco_ACI

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDBMS_SQLDB

AUDIT AND ACCOUNTABILITY

System Alias and Banners - Controller CLI BannerTenable Cisco ACICisco_ACI

ACCESS CONTROL

System Alias and Banners - Switch CLI BannerTenable Cisco ACICisco_ACI

ACCESS CONTROL

WN12-SO-000044 - The system must be configured to disable the Internet Router Discovery Protocol (IRDP).DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION