Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.4.1 Set 'password' for 'enable secret'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.3 Set 'username secret' for all local usersCIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.1 Set 'no snmp-server' to disable SNMP when unusedCIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.2 Unset 'private' for 'snmp-server community'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.3 Unset 'public' for 'snmp-server community'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.4 Do not set 'RW' for any 'snmp-server community'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.1 Set the 'hostname'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.2 Set the 'ip domain-name'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1 Ensure only SNMPv3 is enabledCIS Fortigate 7.0.x v1.3.0 L2FortiGate

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.1 Create a single 'interface loopback' - 'Only one loopback interface IP Address is defined'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.2 Set AAA 'source-interface'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.4 Set 'ip tftp source-interface' to the Loopback InterfaceCIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 (L1) Ensure SNMP is configured properlyCIS VMware ESXi 7.0 v1.4.0 L1 Bare MetalUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure SNMP is configured properly - 'community name private does not exist'CIS VMware ESXi 6.7 v1.3.0 Level 1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure SNMP is configured properly - 'community name public does not exist'CIS VMware ESXi 6.7 v1.3.0 Level 1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 (L1) Ensure dvfilter API is not configured if not usedCIS VMware ESXi 7.0 v1.4.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure dvfilter API is not configured if not usedCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Ensure packet redirect sending is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Set 'no ip source-route'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Set 'no ip proxy-arp'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3 Set 'no interface tunnel'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4 Set 'ip verify unicast source reachable-via'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL appliedCIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.6 Ensure that the --make-iptables-util-chains argument is set to trueCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.3 Set 'key-string'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.4 Set 'address-family ipv4 autonomous-system'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.6 Set 'authentication key-chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.7 Set 'authentication mode md5'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.9 Set 'ip authentication mode eigrp'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.1 Set 'authentication message-digest' for OSPF areaCIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.2 Set 'ip ospf message-digest-key md5'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.1 Set 'key chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.2 Set 'key'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.3 Set 'key-string'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.4 Set 'ip rip authentication key-chain'CIS Cisco IOS 15 L2 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 (L1) Host must restrict use of the dvFilter network APICIS VMware ESXi 8.0 v1.2.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure port lockdown for self IP is setCIS F5 Networks v1.0.0 L1F5

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.4.1 (L1) Host SNMP services, if enabled, must limit accessCIS VMware ESXi 8.0 v1.2.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure 'http.conduit.tlsClientParameters.disableCNCheck' is set to 'false' to enable hostname verification for JAX-WS applicationsCIS IBM WebSphere Liberty v1.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION