1.0.1 Install the latest Fixpak | CIS IBM DB2 OS L2 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.3 Disable MySQL Command History | CIS MySQL 8.0 Community Linux OS L2 v1.1.0 | Unix | MEDIA PROTECTION |
1.3 Disable MySQL Command History | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL OS Linux | Unix | MEDIA PROTECTION |
1.3 Disable MySQL Command History - ~/.mysql_history | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
1.3 Disable MySQL Command History - ~/.mysql_history | CIS MySQL 5.7 Enterprise Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
3.2 Configure Security Auditing Flags per local organizational requirements - 'audit all failed events across all audit classes' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
Audit SGID executables | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
Audit SUID executables | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
CIS_Red_Hat_EL5_v2.2.1_L1.audit from Red Hat Enterprise Linux 5 Benchmark | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | |
CIS_Red_Hat_EL5_v2.2.1_L2.audit from Red Hat Enterprise Linux 5 Benchmark | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | |
CIS_SUSE_Linux_Enterprise_12_v3.2.1_L1_Server.audit from CIS SUSE Linux Enterprise 12 Benchmark v3.2.1 | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | |
CIS_SUSE_Linux_Enterprise_15_v2.0.0_L1_Server.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0 | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | |
CIS_SUSE_Linux_Enterprise_15_v2.0.0_L2_Workstation.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0 | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Workstation | Unix | |
DKER-EE-002780 - PIDs cgroup limits must be used in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if scanning fails. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
Ensure access to the su command is restricted - pam_wheel.so | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
Ensure access to the su command is restricted - wheel group contains root | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
Ensure address space layout randomization (ASLR) is enabled - sysctl.conf | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
Ensure AIDE is installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
Ensure at/cron is restricted to authorized users - at.deny | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
Ensure at/cron is restricted to authorized users - cron.deny | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
Ensure CUPS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure DHCP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure GDM login banner is configured - user-db | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
Ensure GPG keys are configured - apt-key list | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
Ensure ICMP redirects are not accepted - sysctl ipv4 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure NFS and RPC are not enabled - NFS | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure NFS and RPC are not enabled - RPC | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure NIS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 all rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure Samba is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure SSH HostbasedAuthentication is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
Ensure SSH X11 forwarding is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure TIPC is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE' | IBM System i Security Reference for V7R3 | AS/400 | AUDIT AND ACCOUNTABILITY |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0' | IBM System i Security Reference for V7R2 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0' | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
IBM i : Character Position Difference for Passwords (QPWDPOSDIF) - '0' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | CONFIGURATION MANAGEMENT |
IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=7' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Verify Object on Restore (QVFYOBJRST) - '3' | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND INFORMATION INTEGRITY |
SLES-12-010910 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
SLES-15-010330 - All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |