Item Search

Name	Audit Name	Plugin	Category
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	CIS SQL Server 2012 Database L1 DB v1.6.0	MS_SQLDB	CONFIGURATION MANAGEMENT
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0	MS_SQLDB	CONFIGURATION MANAGEMENT
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
1.2.4 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only)	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	ACCESS CONTROL
2.3.10.4 (L2) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.1.1.2 (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.6.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.8.2 (L2) Ensure 'Remove Personalized Website Recommendations from the Recommended section in the Start Menu' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	CONTINGENCY PLANNING
18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	CONTINGENCY PLANNING
18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'	CIS Microsoft Windows Server 2019 v4.0.0 L1 MS	Windows	CONTINGENCY PLANNING
18.9.25.1 Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server	Windows	CONTINGENCY PLANNING
18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'	CIS Microsoft Windows Server 2019 v4.0.0 L1 MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.26.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.5.1 (L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.24.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.43.6.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.10.3 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	SECURITY ASSESSMENT AND AUTHORIZATION
18.10.43.13.2 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
WDNS-AU-000001 - The Windows 2012 DNS Server must be configured to record, and make available to authorized personnel, who added/modified/deleted DNS zone information.	DISA Microsoft Windows 2012 Server DNS STIG v2r7	Windows	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
WDNS-CM-000003 - The Windows 2012 DNS Server must prohibit recursion on authoritative name servers for which forwarders have not been configured for external queries.	DISA Microsoft Windows 2012 Server DNS STIG v2r7	Windows	CONFIGURATION MANAGEMENT
WDNS-SC-000026 - The Windows 2012 DNS Server must restrict individuals from using it for launching Denial of Service (DoS) attacks against other information systems.	DISA Microsoft Windows 2012 Server DNS STIG v2r7	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN12-CC-000139 - Windows 2012 R2 must include command line data in process creation events.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	AUDIT AND ACCOUNTABILITY
WN19-DC-000070 - Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access.	DISA Microsoft Windows Server 2019 STIG v3r4	Windows	ACCESS CONTROL
WN19-DC-000160 - Windows Server 2019 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity.	DISA Microsoft Windows Server 2019 STIG v3r4	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access.	DISA Microsoft Windows Server 2022 STIG v2r4	Windows	ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY
WN22-DC-000110 - Windows Server 2022 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions.	DISA Microsoft Windows Server 2022 STIG v2r4	Windows	ACCESS CONTROL

Detections

Analytics

Item Search