Item Search

Name	Audit Name	Plugin	Category
1.1 Ensure single sign-on (SSO) is configured for your account / organization	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.3.10 (L2) Ensure 'Default setting for third-party storage partitioning' is set to 'Enabled: Block third-party storage partitioning from being enabled.'	CIS Microsoft Edge v3.0.0 L2	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
1.7 Ensure authentication key pairs are rotated every 180 days	CIS Snowflake Foundations v1.0.0 L1	Snowflake	IDENTIFICATION AND AUTHENTICATION
1.10 Limit the number of users with ACCOUNTADMIN and SECURITYADMIN	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.11 Ensure that all users granted the ACCOUNTADMIN role have an email address assigned	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.12 Ensure that no users have ACCOUNTADMIN or SECURITYADMIN as the default role	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.13 Ensure that the ACCOUNTADMIN or SECURITYADMIN role is not granted to any custom role	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.14 Ensure that Snowflake tasks are not owned by the ACCOUNTADMIN or SECURITYADMIN roles	CIS Snowflake Foundations v1.0.0 L1	Snowflake	ACCESS CONTROL
1.40 (L2) Ensure 'Allow or block audio capture' is set to 'Disabled'	CIS Microsoft Edge v3.0.0 L2	Windows	CONFIGURATION MANAGEMENT
1.65 (L2) Ensure 'Configure Online Text To Speech' is set to 'Disabled'	CIS Microsoft Edge v3.0.0 L2	Windows	CONFIGURATION MANAGEMENT
1.91 (L2) Ensure 'Enable Drop feature in Microsoft Edge' is set to 'Disabled'	CIS Microsoft Edge v3.0.0 L2	Windows	CONFIGURATION MANAGEMENT
2.1.2 Disable Local CDE Calendar Manager - Make sure that /network/rpc/cde-calendar-manager is disabled	CIS Solaris 10 L1 v5.2	Unix
2.1.3 Disable Local Graphical Login Environment - Make sure that /application/graphical-login/gdm2-login is disabled	CIS Solaris 10 L1 v5.2	Unix
2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/passwd is disabled	CIS Solaris 10 L1 v5.2	Unix
2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/update is disabled	CIS Solaris 10 L1 v5.2	Unix
2.2.10 Disable automount daemon - Make sure that /system/filesystem/autofs is disabled.	CIS Solaris 10 L1 v5.2	Unix
2.2.12 Disable Solaris Volume Manager Services - Make sure that /system/device/mpxio-upgrade is disabled	CIS Solaris 10 L1 v5.2	Unix
2.2.13 Disable Solaris Volume Manager GUI - Make sure that /network/rpc/mdcomm is disabled.	CIS Solaris 10 L1 v5.2	Unix
2.2.13 Disable Solaris Volume Manager GUI - Make sure that network/rpc/metamh is disabled.	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that application/management/dmi:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that application/management/sma:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that application/management/snmpdx:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that application/print/ipp-listener:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that network/nfs/rquota:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that network/rpc/rusers:default is disabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.3 Establish a Secure Baseline - Make sure that network/ssh:default is enabled (netservices limited)	CIS Solaris 10 L1 v5.2	Unix
2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations	CIS Snowflake Foundations v1.0.0 L1	Snowflake	AUDIT AND ACCOUNTABILITY
3.1.1 (L1) Ensure 'Update policy override default' is set to 'Enabled: Always allow updates (recommended)'	CIS Microsoft Edge v3.0.0 L1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
3.1.2 Disable Source Packet Forwarding - Check ip6_forward_src_routed value. Expected value: 0.	CIS Solaris 10 L1 v5.2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1.4 Disable Response to ICMP Timestamp Requests - Check ip_respond_to_timestamp value. Expected value: 0.	CIS Solaris 10 L1 v5.2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1.11 Ignore ICMP Redirect Messages - Check ip6_ignore_redirect value. Expected value: 1.	CIS Solaris 10 L1 v5.2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.1.16 Set Maximum Number of Half-open TCP Connections - Check tcp_conn_req_max_q0 value. Expected value: 4096.	CIS Solaris 10 L1 v5.2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_GLOB_ENABLED is set to yes	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_GLOB_PATTERN is set to /var/cores/core_%n_%f_%u_%g_%t_%p	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_GLOB_SETID_ENABLED is set to yes	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_INIT_PATTERN is set to core	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
3.2 Restrict Core Dumps to Protected Directory - Check if permissions for /var/cores are OK.	CIS Solaris 10 L1 v5.2	Unix
3.3.1 (L1) Ensure 'Auto-update check period override' is set to any value except '0'	CIS Microsoft Edge v3.0.0 L1	Windows	SYSTEM AND INFORMATION INTEGRITY
3.4 Enable Strong TCP Sequence Number Generation - Enforce Strong TCP Sequence Number Generation setting (TCP_STRONG_ISS = 2).	CIS Solaris 10 L1 v5.2	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5 Disable Network Routing - Make sure that ipv4-forwarding is disabled	CIS Solaris 10 L1 v5.2	Unix
4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical data	CIS Snowflake Foundations v1.0.0 L2	Snowflake	CONTINGENCY PLANNING
4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higher	CIS Snowflake Foundations v1.0.0 L2	Snowflake	AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY
4.5 Enable Login Records - Check if permissions for /var/adm/loginlog are OK.	CIS Solaris 10 L1 v5.2	Unix
4.7 Enable cron Logging - Check if CRONLOG is set to yes in /etc/default/cron.	CIS Solaris 10 L1 v5.2	Unix	AUDIT AND ACCOUNTABILITY
4.8 Enable System Accounting - Check if svc:/system/sar is online	CIS Solaris 10 L1 v5.2	Unix
6.1.8 Set SSH RhostsRSAAuthentication to no - Check if RhostsRSAAuthentication is set to no and not commented for the server.	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
6.7 Set Default Screen Lock for CDE Users - Check if 'dtsession*lockTimeout:' is set to 10.	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
6.8 Set Default Screen Lock for GNOME Users - GNOME package was not found	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
6.9 Restrict at/cron To Authorized Users - should pass if /etc/cron.d/cron.deny does not exist.	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL
7.1 Disable System Accounts - Ensure account 'gdm' is locked.	CIS Solaris 10 L1 v5.2	Unix	ACCESS CONTROL

Detections

Analytics

Item Search