Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.8 Restrict access to Tomcat catalina.propertiesCIS Apache Tomcat 8 L1 v1.1.0Unix

ACCESS CONTROL

5.1 Ensure that WildFire file size upload limits are maximizedCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.1 Ensure that WildFire file size upload limits are maximizedCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

7.2 Set Strong Password Creation Policies - HISTORY = 10CIS Solaris 11.1 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - Acrobat.exeCIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - AcroRd32.exeCIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - POWERPNT.EXECIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - Acrobat.exeCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - INFOPATH.exeCIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - INFOPATH.exeCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - java.exeCIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - javaw.exeCIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - MSPUB.exeCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OIS.exeCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - POWERPNT.EXECIS Windows 7 Workstation Level 1 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - PPTVIEW.EXECIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - wordpad.exeCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

Do not allow drive redirectionMSCT Windows 11 v23H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Do not allow drive redirection - fDisableCdmMSCT Windows Server 2025 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

ESXI-70-000007 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI).DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

ACCESS CONTROL

ESXI-70-000032 - The ESXi host must prohibit the reuse of passwords within five iterations.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-70-000036 - The ESXi host must disable ESXi Shell unless needed for diagnostics or troubleshooting.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-70-000046 - The ESXi host must configure NTP time synchronization.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

AUDIT AND ACCOUNTABILITY

ESXI-70-000057 - The ESXi host must configure the firewall to block network traffic by default - incomingDISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000058 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000065 - All port groups on standard switches must not be configured to virtual local area network (VLAN) values reserved by upstream physical switches.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000072 - The ESXi host must have all security patches and updates installed.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

JBOS-AS-000685 - The JRE installed on the JBoss server must be kept up to date.DISA JBoss EAP 6.3 STIG v2r6Unix

SYSTEM AND INFORMATION INTEGRITY

PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

Turn on Enhanced Protected ModeMSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows 10 v2004 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows Server v2004 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows Server v2004 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows Server 2019 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Enhanced Protected ModeMSCT Windows 11 v24H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

VCTR-67-000001 - The vCenter Server must prohibit password reuse for a minimum of five generations.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

IDENTIFICATION AND AUTHENTICATION

VCTR-67-000005 - The vCenter Server users must have the correct roles assigned.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

SYSTEM AND COMMUNICATIONS PROTECTION

VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000045 - The vCenter Server must limit the maximum number of failed login attempts to three.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

ACCESS CONTROL

VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000060 - The vCenter Server must enable revocation checking for certificate-based authentication.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000066 - The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s).DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000069 - The vCenter Server must use a limited privilege account when adding an LDAP identity source.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT