Item Search

Name	Audit Name	Plugin	Category
2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	CONFIGURATION MANAGEMENT
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	IDENTIFICATION AND AUTHENTICATION
3.8 Ensure Windows BUILTIN groups are not SQL Logins	CIS SQL Server 2008 R2 DB Engine L1 v1.7.0	MS_SQLDB	ACCESS CONTROL
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0	MS_SQLDB	ACCESS CONTROL
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0	MS_SQLDB	ACCESS CONTROL
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS SQL Server 2012 Database L1 DB v1.6.0	MS_SQLDB	ACCESS CONTROL
3.9 Ensure Windows BUILTIN groups are not SQL Logins	CIS SQL Server 2014 Database L1 DB v1.5.0	MS_SQLDB	ACCESS CONTROL
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	AUDIT AND ACCOUNTABILITY
20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL
20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL
20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL
20.59 Ensure 'Software certificate installation files must be removed'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
20.59 Ensure 'Software certificate installation files must be removed'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
20.59 Ensure 'Software certificate installation files must be removed'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
20.59 Ensure 'Software certificate installation files must be removed'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
20.64 Ensure 'TFTP Client' is 'not installed'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
20.64 Ensure 'TFTP Client' is 'not installed'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
20.64 Ensure 'TFTP Client' is 'not installed' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
20.64 Ensure 'TFTP Client' is 'not installed' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.15 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.16 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.22 (L1) Ensure 'Network Security: Allow PKU2U authentication requests' is set to 'Block'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsFdv	MSCT Windows 10 1803 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsFdv	MSCT Windows 10 1809 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsOs	MSCT Windows 10 1803 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsRdv	MSCT Windows 10 1803 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsRdv	MSCT Windows 10 1809 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
LSA Protection	MSCT Windows 11 v24H2 v1.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
MYS8-00-002400 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added.	DISA Oracle MySQL 8.0 v2r2 DB	MySQLDB	AUDIT AND ACCOUNTABILITY
PPS9-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.	EDB PostgreSQL Advanced Server OS Linux Audit v2r3	Unix	AUDIT AND ACCOUNTABILITY
WDigest Authentication	MSCT Windows Server 2016 DC v1.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
WN10-CC-000063 - Windows 10 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance.	DISA Microsoft Windows 10 STIG v3r4	Windows	CONFIGURATION MANAGEMENT
WN11-CC-000063 - Windows 11 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance.	DISA Microsoft Windows 11 STIG v2r3	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search