Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Configure AAA Authentication - TACACS if applicableCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL

1.2 (L1) Host hardware must enable UEFI Secure BootCIS VMware ESXi 8.0 v1.2.0 L1VMware

SYSTEM AND SERVICES ACQUISITION

1.2.2 Configure IP Blocking on Failed LoginsCIS Cisco NX-OS v1.2.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.3 (L1) Host hardware must enable Intel TXT, if availableCIS VMware ESXi 8.0 v1.2.0 L1VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

1.3.2 Post-authentication BannerCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4 (L1) Host hardware must enable and configure a TPM 2.0CIS VMware ESXi 8.0 v1.2.0 L1VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

1.5.4 Configure Logging TimestampsCIS Cisco NX-OS v1.2.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.6 (L1) Host integrated hardware management controller must enable time synchronizationCIS VMware ESXi 8.0 v1.2.0 L1VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

1.6.2 Configure a Time ZoneCIS Cisco NX-OS v1.2.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.6.3 If a Local Time Zone is used, Configure Daylight SavingsCIS Cisco NX-OS v1.2.0 L1Cisco

AUDIT AND ACCOUNTABILITY

1.9.1 Configure SNMPv3CIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

1.9.2 Configure SNMP TrapsCIS Cisco NX-OS v1.2.0 L1Cisco

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Configure Control Plane PolicingCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.2 (L1) Host must have all software updates installedCIS VMware ESXi 8.0 v1.2.0 L1VMware

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.3 (L1) Host must enable Secure Boot enforcementCIS VMware ESXi 8.0 v1.2.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.4.1 Ensure 'Do not allow Home Page URL to be set in folder Properties' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.5.10.11 Ensure 'Internet and network paths into hyperlinks' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L2Windows

CONFIGURATION MANAGEMENT

2.5.14.2.4 Ensure 'Message Formats' is set to 'Enabled: S/MIME'CIS Microsoft Office Enterprise v1.2.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.14.2.5 Ensure 'Minimum encryption settings' is set to 'Enabled: 256'CIS Microsoft Office Enterprise v1.2.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.14.2.6 Ensure 'S/MIME interoperability with external clients:' is set to 'Enabled: Handle internally'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.14.3.1.3 Ensure 'Do not prompt about Level 1 attachments when closing an item' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.5.14.3.1.5 Ensure 'Remove file extensions blocked as Level 1' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.5.14.6 Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

2.5.14.7 Ensure 'Do not automatically sign replies' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.14.9 Ensure 'Prompt user to choose security settings if default settings fail' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.7 (L1) Host must have time synchronization services enabled and runningCIS VMware ESXi 8.0 v1.2.0 L1VMware

AUDIT AND ACCOUNTABILITY

2.8.4.1.3 Ensure 'Require that application add-ins are signed by Trusted Publisher' to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.1.1.2 Configure EIGRP Passive interfaces for interfaces that do not have peersCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1.2.1 Configure BGP to Log Neighbor ChangesCIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4.4 Configure HSRP protectionsCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.2.2 Disable ICMP Redirects on all Layer 3 InterfacesCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3 (L1) Host must deactivate the ESXi Managed Object Browser (MOB)CIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL, MEDIA PROTECTION

3.7 (L1) Host must automatically terminate idle DCUI sessionsCIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL

3.8 (L1) Host must automatically terminate idle shellsCIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL

3.10 (L1) Host must not suppress warnings that the shell is enabledCIS VMware ESXi 8.0 v1.2.0 L1VMware

SYSTEM AND INFORMATION INTEGRITY

3.12 (L1) Host must lock an account after a specified number of failed login attemptsCIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL

3.13 (L1) Host must unlock accounts after a specified timeout periodCIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL

3.14 (L1) Host must configure the password history setting to restrict the reuse of passwordsCIS VMware ESXi 8.0 v1.2.0 L1VMware

IDENTIFICATION AND AUTHENTICATION

3.16 (L1) Host must configure a session timeout for the APICIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.19 (L1) Host must have an accurate Exception Users listCIS VMware ESXi 8.0 v1.2.0 L1VMware

ACCESS CONTROL, MEDIA PROTECTION

4.1 Configure Local Configuration Backup ScheduleCIS Cisco NX-OS v1.2.0 L1Cisco

CONTINGENCY PLANNING

4.2 Configure a Remote Backup ScheduleCIS Cisco NX-OS v1.2.0 L1Cisco

CONTINGENCY PLANNING

4.6 (L1) Host must enable audit record loggingCIS VMware ESXi 8.0 v1.2.0 L1VMware

AUDIT AND ACCOUNTABILITY

4.8 (L1) Host must store one week of audit recordsCIS VMware ESXi 8.0 v1.2.0 L1VMware

AUDIT AND ACCOUNTABILITY

5.1 (L1) Host firewall must only allow traffic from authorized networksCIS VMware ESXi 8.0 v1.2.0 L1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.4.1 (L1) Host SNMP services, if enabled, must limit accessCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authenticationCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessionsCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting accessCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnelsCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, MAINTENANCE