Detections
Analytics
Item Search
| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.2v1 - The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.3v1 - The action for the custom policy SHOULD be set to block sharing sensitive information with everyone. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.5v1 - A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.6v1 - The custom policy SHOULD include an action to block access to sensitive | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.1.1v1 - Automatic forwarding to external domains SHALL be disabled. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.8.1v2 - A DLP solution SHALL be used. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.8.2v2 - The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.8.3v1 - The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.8.4v1 - At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.3.1v1 - Power Platform tenant isolation SHALL be enabled. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.4.1v1 - Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.5.1v1 - The ability to create Power Pages sites SHOULD be restricted to admins. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.1.2v1 - External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.1.3v1 - External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.1.4v1 - Guest access SHALL be limited to the email the invitation was sent to. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.2.1v1 - File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies). | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.2.2v1 - File and folder default sharing permissions SHALL be set to View. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.3.1v1 - Expiration days for Anyone links SHALL be set to 30 days or less. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.3.2v1 - The allowable file and folder permissions for links SHALL be set to View only. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.SHAREPOINT.3.3v1 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII) | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.2v1 - User click tracking SHOULD be enabled. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |