Item Search

Name	Audit Name	Plugin	Category
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.1.7 Ensure that the etcd pod specification file permissions are set to 600 or more restrictive	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.1.21 Ensure that the OpenShift PKI key file permissions are set to 600	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.2.1 Ensure that anonymous requests are authorized	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.2.8 Ensure that the admission control plugin AlwaysAdmit is not set	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
1.2.10 Ensure that the admission control plugin ServiceAccount is set	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.8 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 18 v2.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.8 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 26 v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.8 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iOS 26 v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.9 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.9 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'	MobileIron - CIS Apple iOS 18 v2.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.9 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'	MobileIron - CIS Apple iOS 26 v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.10 Ensure 'Allow Handoff' is set to 'Disabled'	MobileIron - CIS Apple iOS 26 v1.0.0 L2 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.2.1.11 Ensure 'Allow Handoff' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'	MobileIron - CIS Apple iPadOS 18 v2.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.3.2 Ensure access to NGINX directories and files is restricted	CIS NGINX v3.0.0 L1 Webserver	Unix	ACCESS CONTROL, MEDIA PROTECTION
2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 26 v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	AirWatch - CIS Apple iOS 26 v1.0.0 L2 Institution Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	MobileIron - CIS Apple iOS 26 v1.0.0 L2 Institution Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
2.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.1.4.2 NFS - enable both nosuid and nodev options on NFS client mounts - nodev	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.20 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 18 v2.0.0 L1 Institution Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.21 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 18 v2.0.0 L1 Institutionally Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.21 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iOS 18 v2.0.0 L1 Institution Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.24 Ensure 'Allow Handoff' is set to 'Disabled'	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.26 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'	AirWatch - CIS Apple iOS 26 v1.0.0 L1 Institution Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.1.26 Ensure 'Require Touch ID / Face ID authentication before AutoFill' is set to 'Enabled'	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.2.5 CDE - sgid/suid binary lockdown - /usr/dt/bin/dtaction	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.2.10 CDE - /etc/dt/config/Xservers permissions and ownership - permissions and ownership	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.5 Ensure Access to Audit Records Is Controlled - /etc/security/audit_control	CIS Apple macOS 10.14 v2.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.5.3 Remote command lockdown - rsh	CIS IBM AIX 7.1 L2 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.6.1.10 OpenSSH - configure sftp-server	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'	AirWatch - CIS Apple iPadOS 26 v1.0.0 L1 Institutionally Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.7.1.2 Home directory must deny write to all except owner	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.1.7 /var/adm/sa	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.1.8 /var/spool/cron/crontabs	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'	MobileIron - CIS Apple 26 v1.0.0 L2 Institutionally Owned	MDM	ACCESS CONTROL, MEDIA PROTECTION
3.7.2.7 /etc/passwd	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.7.2.9 /etc/ssh/sshd_config	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
3.9 Ensure root access is controlled - rlogin	CIS IBM AIX 7.1 L1 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.1.3 Ensure private key permissions are restricted	CIS NGINX v3.0.0 L1 Loadbalancer	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	ACCESS CONTROL, MEDIA PROTECTION
5.1.1 Privilege escalation: enhanced RBAC	CIS IBM AIX 7.1 L2 v2.1.0	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.1.4 Ensure Appropriate Permissions Are Enabled for System Wide Applications	CIS Apple macOS 10.15 Catalina v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users	CIS MariaDB 10.11 v1.0.0 L1 MariaDB RDBMS MySQLDB	MySQLDB	ACCESS CONTROL, MEDIA PROTECTION

Detections

Analytics

Item Search