Item Search

NameAudit NamePluginCategory
1.1 Ensure the appropriate MongoDB software version/patches are installedCIS MongoDB 7 v1.2.0 L1 UnixUnix

CONFIGURATION MANAGEMENT

1.1 Verify all Apple provided software is currentCIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'CIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

2.1 Alter the Advertised server.info StringCIS Apache Tomcat 9 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.1.1 Turn off Bluetooth, if no paired devices existCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.2 Ensure that MongoDB does not bypass authentication via the localhost exceptionCIS MongoDB 7 v1.2.0 L1 UnixUnix

IDENTIFICATION AND AUTHENTICATION

2.2.2 Ensure time set is within appropriate limitsCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.2.24 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL

2.3.1 Set an inactivity interval of 20 minutes or less for the screen saverCIS Apple macOS 10.12 L1 v1.2.0Unix

ACCESS CONTROL

2.5 Disable client facing Stack Traces - check for defined exception typeCIS Apache Tomcat 9 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.5.1 Disable 'Wake for network access' - Wake for network accessCIS Apple macOS 10.12 L1 v1.2.0Unix

ACCESS CONTROL

2.12 (L2) Host must enable volatile key destructionCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

3.1 Set a nondeterministic Shutdown command valueCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL

3.3 Ensure security auditing retentionCIS Apple macOS 10.12 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Ensure that MongoDB is run using a non-privileged, dedicated service accountCIS MongoDB 7 v1.2.0 L1 UnixUnix

ACCESS CONTROL

3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privilegesCIS MongoDB 6 v1.2.0 L1 MongoDBMongoDB

ACCESS CONTROL

3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privilegesCIS MongoDB 7 v1.2.0 L1 MongoDBMongoDB

ACCESS CONTROL

3.23 (L2) Host must deny shell access for the vpxuser accountCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu barCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

4.2 Ensure Weak Protocols are DisabledCIS MongoDB 7 v1.2.0 L1 UnixUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure http server is not runningCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

4.4 Restrict access to Tomcat logs directoryCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.6 Restrict access to Tomcat binaries directoryCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2 Ensure that audit filters are configured properlyCIS MongoDB 6 v1.2.0 L2 MongoDBUnix

AUDIT AND ACCOUNTABILITY

5.2.2 Set a minimum password lengthCIS Apple macOS 10.12 L1 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3 Ensure that logging captures as much information as possibleCIS MongoDB 6 v1.2.0 L2 MongoDBUnix

AUDIT AND ACCOUNTABILITY

5.3 Ensure that logging captures as much information as possibleCIS MongoDB 7 v1.2.0 L2 UnixUnix

AUDIT AND ACCOUNTABILITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 6 v1.2.0 L2 MongoDBUnix

AUDIT AND ACCOUNTABILITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 7 v1.2.0 L2 UnixUnix

AUDIT AND ACCOUNTABILITY

5.5 (L2) Host should deactivate virtual hardware management network interfacesCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT

5.13 Disable ability to login to another user's active and locked sessionCIS Apple macOS 10.12 L1 v1.2.0Unix

ACCESS CONTROL

6.2 Ensure that operating system resource limits are set for MongoDBCIS MongoDB 6 v1.2.0 L2 MongoDBUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure that operating system resource limits are set for MongoDBCIS MongoDB 7 v1.2.0 L2 UnixUnix

CONFIGURATION MANAGEMENT

6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to trueCIS Apache Tomcat 9 L1 v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Application specific loggingCIS Apache Tomcat 9 L2 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.1 Ensure appropriate key file permissions are setCIS MongoDB 6 v1.2.0 L1 MongoDBUnix

IDENTIFICATION AND AUTHENTICATION

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

7.6 Ensure directory in logging.properties is a secure location - check application log directory is secureCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL

8.15 (L2) VMware Tools must deactivate Guest Operations unless requiredCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT

10.5 Rename the manager application - host-manager/manager.xmlCIS Apache Tomcat 9 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

10.16 Enable memory leak listenerCIS Apache Tomcat 9 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 Stand-alone v4.0.0 BLWindows

MEDIA PROTECTION

18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.9.7.1.6 (L1) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

MEDIA PROTECTION

18.9.18.2 Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled'CIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT