Item Search

Name	Audit Name	Plugin	Category
2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.10 Ensure Windows local groups are not SQL Logins	CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.10 Ensure Windows local groups are not SQL Logins	CIS SQL Server 2017 Database L1 AWS RDS v1.3.0	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
3.10 Ensure Windows local groups are not SQL Logins	CIS SQL Server 2017 Database L1 DB v1.3.0	MS_SQLDB	ACCESS CONTROL, MEDIA PROTECTION
9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less	CIS Apache HTTP Server 2.4 v2.2.0 L1	Unix	ACCESS CONTROL, CONFIGURATION MANAGEMENT
9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - RequestReadTimeout	CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware	Unix	CONFIGURATION MANAGEMENT
18.8.7.1 (L1) Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	MEDIA PROTECTION
18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	CONFIGURATION MANAGEMENT
18.10.9.2.3 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.3.15 (L1) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	MEDIA PROTECTION
18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker	Windows	MEDIA PROTECTION
18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
20.1 Ensure 'Accounts require passwords' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	IDENTIFICATION AND AUTHENTICATION
AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates.	AirWatch - DISA Apple iOS/iPadOS 18 v1r1	MDM	CONFIGURATION MANAGEMENT
AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates.	MobileIron - DISA Apple iOS/iPadOS 18 v1r1	MDM	CONFIGURATION MANAGEMENT
SQL2-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions.	DISA STIG SQL Server 2012 Database Audit v1r20	MS_SQLDB	CONFIGURATION MANAGEMENT
SQL2-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers.	DISA STIG SQL Server 2012 Database Audit v1r20	MS_SQLDB	CONFIGURATION MANAGEMENT
SQL4-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions.	DISA STIG SQL Server 2014 Database Audit v1r7	MS_SQLDB	CONFIGURATION MANAGEMENT
SQL4-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers.	DISA STIG SQL Server 2014 Database Audit v1r7	MS_SQLDB	CONFIGURATION MANAGEMENT
WN12-SO-000045 - The system must be configured to use Safe DLL Search Mode.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-SO-000045 - The system must be configured to use Safe DLL Search Mode.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search