Item Search

Name	Audit Name	Plugin	Category
1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	IDENTIFICATION AND AUTHENTICATION
1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	IDENTIFICATION AND AUTHENTICATION
1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	IDENTIFICATION AND AUTHENTICATION
1.3 Ensure Apache Is Installed From the Appropriate Binaries	CIS Apache HTTP Server 2.4 v2.2.0 L1	Unix	CONFIGURATION MANAGEMENT
1.7.2 Ensure GDM login banner is configured	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation	Unix	ACCESS CONTROL
1.7.2 Ensure GDM login banner is configured	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server	Unix	ACCESS CONTROL
1.7.2 Ensure GDM login banner is configured	CIS Debian Linux 12 v1.1.0 L1 Workstation	Unix	ACCESS CONTROL
1.7.2 Ensure GDM login banner is configured	CIS Debian Linux 12 v1.1.0 L1 Server	Unix	ACCESS CONTROL
1.7.4 Ensure GDM screen locks when the user is idle	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server	Unix	ACCESS CONTROL
1.7.4 Ensure GDM screen locks when the user is idle	CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation	Unix	ACCESS CONTROL
1.7.4 Ensure GDM screen locks when the user is idle	CIS Debian Linux 12 v1.1.0 L1 Server	Unix	ACCESS CONTROL
1.7.4 Ensure GDM screen locks when the user is idle	CIS Debian Linux 12 v1.1.0 L1 Workstation	Unix	ACCESS CONTROL
2.2.43 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.2.44 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.5.5 (L1) Ensure 'Domain controller: LDAP server signing requirements Enforcement' is set to 'Enabled' (DC only)	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) - Accept if provided by client or higher	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT
2.4.5 Disable Remote Login	CIS Apple OSX 10.9 L1 v1.3.0	Unix	ACCESS CONTROL
2.5 Ensure firewall filters contain explicit deny and log term	CIS Juniper OS Benchmark v2.1.0 L2	Juniper	SYSTEM AND COMMUNICATIONS PROTECTION
4.10.9.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 BL	Windows	MEDIA PROTECTION
4.10.9.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Intune for Windows 10 v4.0.0 BL	Windows	MEDIA PROTECTION
5.2.2 Ensure minimum password age is configured	CIS IBM AIX 7 v1.0.0 L2	Unix	IDENTIFICATION AND AUTHENTICATION
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.9.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.9.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.9.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.9.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.9.7.1.5 (L1) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.9.7.1.6 (L1) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.9.7.1.7 (L1) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND INFORMATION INTEGRITY
CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.	DISA Rancher Government Solutions RKE2 STIG v2r3	Unix	ACCESS CONTROL

Detections

Analytics

Item Search