Item Search

NameAudit NamePluginCategory
1.1 Ensure packages are obtained from authorized repositoriesCIS PostgreSQL 12 OS v1.1.0Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

1.1 Ensure packages are obtained from authorized repositoriesCIS PostgreSQL 14 OS v 1.2.0Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 11 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.5 Ensure the filename pattern for log files is set correctlyCIS PostgreSQL 9.5 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.7 Ensure 'log_truncate_on_rotation' is enabledCIS PostgreSQL 17 v1.0.0 L1 PostgreSQLPostgreSQLDB

AUDIT AND ACCOUNTABILITY

4.4 Rebuild the images to include security patchesCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.5 Ensure The Latest Version of The Password File Is UsedCIS Oracle Database 23ai v1.0.0 L1 RDBMSOracleDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2012 Database L1 DB v1.6.0MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS Microsoft SQL Server 2019 v1.5.0 L1 Database EngineMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2008 R2 DB Engine L1 v1.7.0MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2012 Database L1 AWS RDS v1.6.0MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Linux OS Level 1Unix
9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Windows OS Level 1Windows
9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Linux OS Level 2Unix
9.6 Set 'Turn off Crash Detection' to 'Enabled'CIS IE 9 v1.0.0Windows

CONFIGURATION MANAGEMENT

APPL-14-002006 The macOS system must disable Unix-to-Unix Copy Protocol service.DISA Apple macOS 14 (Sonoma) STIG v2r3Unix

ACCESS CONTROL

CD12-00-009100 - Access to external executables must be disabled or restricted.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

CONFIGURATION MANAGEMENT

CD12-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'Tenable Cisco Firepower Best Practices AuditCisco

ACCESS CONTROL

Ensure 'EIGRP authentication' is enabledTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'HTTP session timeout' is less than or equal to '5' minutesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'Image Authenticity' is correctTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND INFORMATION INTEGRITY

Ensure 'SNMP traps' is enabled - authenticationTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkdownTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkupTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure 'TLS 1.0' is set for HTTPS accessTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure email logging is configured for critical to emergencyTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure packet fragments are restricted for untrusted interfacesTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0'Tenable Best Practices RackSpace v2.0.0Rackspace

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure that the 'skip_show_database' database flag for a Cloud Databases Mysql instance is set to '1'Tenable Best Practices RackSpace v2.0.0Rackspace

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure timezone is properly configuredTenable Cisco Firepower Best Practices AuditCisco

CONFIGURATION MANAGEMENT

EP11-00-003210 - EDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes.EDB PostgreSQL Advanced Server v11 DB Audit v2r4PostgreSQLDB

CONFIGURATION MANAGEMENT

EPAS-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1Unix

AUDIT AND ACCOUNTABILITY

EPAS-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/used by the EDB Postgres Advanced Server.EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1Unix

IDENTIFICATION AND AUTHENTICATION

EPAS-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users.EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

O121-C2-014100 - The DBMS must support organizational requirements to enforce password complexity by the number of uppercase characters used.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

IDENTIFICATION AND AUTHENTICATION

PGS9-00-009100 - Access to external executables must be disabled or restricted.DISA STIG PostgreSQL 9.x on RHEL DB v2r5PostgreSQLDB

CONFIGURATION MANAGEMENT

PGS9-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account.DISA STIG PostgreSQL 9.x on RHEL OS v2r5Unix

IDENTIFICATION AND AUTHENTICATION

PPS9-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.EDB PostgreSQL Advanced Server OS Linux Audit v2r3Unix

AUDIT AND ACCOUNTABILITY

PPS9-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server.EDB PostgreSQL Advanced Server OS Linux Audit v2r3Unix

IDENTIFICATION AND AUTHENTICATION

PPS9-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users.EDB PostgreSQL Advanced Server OS Linux Audit v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

Review the list of Database BackupsTenable Best Practices RackSpace v2.0.0Rackspace

CONTINGENCY PLANNING

vCenter : monitor-admin-assignmentVMWare vSphere 5.X Hardening GuideVMware