1.2.1 Configure Global Authorization Rule to Restrict Access - add roles='administrators' | CIS IIS 7.0 L1 v1.7.1 | Windows | ACCESS CONTROL |
1.2.1 Configure Global Authorization Rule to Restrict Access - remove users='*' | CIS IIS 7.5 L1 v1.7.1 | Windows | ACCESS CONTROL |
1.3.2 Ensure sudo commands use pty | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'Current mode' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'SELINUX' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured - 'Policy from config file' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'profiles loaded' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
2.2 Give the BIND User Account an Invalid Shell | CIS BIND DNS v3.0.0 Authoritative Name Server | Unix | ACCESS CONTROL |
2.2.25 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.28 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
3.1.10 Authenticate federated users at the instance level | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
3.1.10 Authenticate federated users at the instance level | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | ACCESS CONTROL |
4.5.1.9 CDE - /etc/dt/config/Xconfig permissions and ownership | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
4.5.1.10 CDE - /etc/dt/config/Xservers permissions and ownership | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
4.5.4.6 /var/spool/mqueue - access control | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.10 Yosemite L1 v1.1.0 | Unix | ACCESS CONTROL |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/login.defs' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc.local | CIS SUSE Linux Enterprise Workstation 11 L1 v2.0.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple macOS 10.13 L1 v1.0.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 | Unix | ACCESS CONTROL |
7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 v5.2 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'bin' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'bin' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'listen' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
10.18 Setting Security Lifecycle Listener (check for umask uncommented in startup) | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | ACCESS CONTROL |
20.37 Ensure 'Non-administrative accounts or groups only have print permissions on printer shares' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
Connection settings - 'pg_hba.conf no host entries for 'all' users' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
Connection settings - 'pg_hba.conf review entries using 'trust' method' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
Connections - Host Based Authentication - no unconditional connect | TNS PostgreSQL 9.6 Best Practices Windows OS | Windows | ACCESS CONTROL |
Ensure Session Security Integration is Enabled | TNS IBM WebSphere Application Server 9 Linux Best Practices | Unix | ACCESS CONTROL |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE or *USE or *EXCLUDE' | IBM iSeries Security Reference v5r4 | AS/400 | ACCESS CONTROL |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
Logon options - Internet Zone | MSCT Windows Server 1903 MS v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v1903 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
VM : verify-network-filter | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
VM: verify-network-filter | TNS VMWare vSphere Best Practices | VMware | ACCESS CONTROL |