Item Search

NameAudit NamePluginCategory
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeatCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

IDENTIFICATION AND AUTHENTICATION

5.4.7 Ensure minimum and maximum requirements are set for password changes - minclassCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

IDENTIFICATION AND AUTHENTICATION

5.4.7 Ensure minimum and maximum requirements are set for password changes - minlenCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation PoliciesCIS Oracle Solaris 11.4 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation Policies - PASSLENGTH = 8CIS Solaris 11.2 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation Policies - MINLOWER = 1CIS Solaris 11.2 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation Policies - MINNONALPHA = 1CIS Solaris 11 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation Policies - MINUPPER = 1CIS Solaris 11.2 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Strong Password Creation Policies - NAMECHECK = yesCIS Solaris 11 L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

18.3.4 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.3.4 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.3.6 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONFIGURATION MANAGEMENT

18.4.8 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL

18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Windows Server 2012 R2 DC L1 v3.0.0Windows

ACCESS CONTROL

18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

ACCESS CONTROL

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.3 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.10.9.1.5 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.4 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

MEDIA PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Stand-alone v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

MEDIA PROTECTION

18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.92.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MobileIron - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

DISA_STIG_SharePoint_2010_v1r9.audit from DISA SharePoint 2010 v1r9DISA STIG SharePoint 2010 v1r9Windows
WN19-00-000410 - Windows Server 2019 must not have Windows PowerShell 2.0 installed.DISA Microsoft Windows Server 2019 STIG v3r4Windows

CONFIGURATION MANAGEMENT

WN22-00-000410 - Windows Server 2022 must not have Windows PowerShell 2.0 installed.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT