1.10 Do not create access keys during initial setup for IAM users with a console password | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
1.13 Ensure 'Smart Lock' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
3.1 Ensure each Auto-Scaling Group has an associated Elastic Load Balancer | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
3.1.13 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.14 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.9 Secure MySQL Keyring - keyring_okv_path | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
3.13 Ensure Web Tier Auto-Scaling Group has an associated Elastic Load Balancer | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
3.14 Ensure App Tier Auto-Scaling Group has an associated Elastic Load Balancer | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptions | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.4 Rebuild the images to include security patches | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
6.11 Ensure a route table for the public subnets is created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.12 Ensure a route table for the private subnets is created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
7.14 System information backup to remote computers | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONTINGENCY PLANNING |
7.15 System information backup to remote computers | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONTINGENCY PLANNING |
9.11 Check Groups in passwd(4) | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
9.11 Check Groups in passwd(4) | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
9.12 Check That Users Are Assigned Home Directories | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.12 Check That Users Are Assigned Home Directories | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
9.12 Check That Users Are Assigned Home Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
9.14 Check That Users Are Assigned Home Directories | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
9.21 Find World Writable Files | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
9.21 Find World Writable Files | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
9.22 Find World Writable Files | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
9.24 Find Files and Directories with Extended Attributes | CIS Solaris 11.2 L1 v1.1.0 | Unix | |
EX13-MB-000180 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX13-MB-000190 - The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX13-MB-000225 - The Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-ED-000200 - Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-ED-000270 - Exchange Receive connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-ED-000500 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
EX16-ED-000500 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
EX16-ED-000510 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
EX16-MB-000320 - Exchange Mail Quota settings must not restrict receiving mail. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-MB-000360 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX19-ED-000111 - Exchange Outbound Connection limit per Domain Count must be controlled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX19-ED-000137 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
EX19-MB-000125 - The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX19-MB-000132 - The Exchange Outbound Connection Timeout must be 10 minutes or less. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 15' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 104' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 117' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 132' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 171' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-001900 - SQL Server must automatically audit account modification - 'Event ID 176' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |