Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

SYSTEM AND SERVICES ACQUISITION

1.1 Ensure Latest SQL Server Cumulative and Security Updates are InstalledCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

SYSTEM AND SERVICES ACQUISITION

1.2 Ensure Single-Function Member Servers are UsedCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

CONFIGURATION MANAGEMENT

2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'CIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

SYSTEM AND INFORMATION INTEGRITY

2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0'CIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Ensure SQL Server is configured to use non-standard portsCIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

SYSTEM AND INFORMATION INTEGRITY

2.15 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databasesCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'CIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.6 Ensure the SQL Server's SQLAgent Service Account is Not an AdministratorCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL

3.6 Ensure the SQL Server's SQLAgent Service Account is Not an AdministratorCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL

3.6 Ensure the SQL Server's SQLAgent Service Account is Not an AdministratorCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL

3.7 Ensure the SQL Server's Full-Text Service Account is Not an AdministratorCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL

3.7 Ensure the SQL Server's Full-Text Service Account is Not an AdministratorCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL

3.8 Ensure only the default permissions specified by Microsoft are granted to the public server roleCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.10 Ensure Windows local groups are not SQL LoginsCIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

ACCESS CONTROL

3.10 Ensure Windows local groups are not SQL LoginsCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

ACCESS CONTROL

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'Software Update' returns 'Your software is up to date.'MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure 'Software Update' returns 'Your software is up to date.'AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

4.2 Ensure 'Software Update' returns 'Your software is up to date.'AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1MDM

CONFIGURATION MANAGEMENT

4.4 Ensure 'Software Update' returns 'Your software is up to date.'MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

4.4 Ensure 'Software Update' returns 'Your software is up to date.'AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution OwnedMDM

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

5.3 Ensure 'Login Auditing' is set to 'failed logins'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'SUCCESSFUL_LOGIN_GROUP'CIS SQL Server 2012 Database L1 AWS RDS v1.6.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUPCIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2012 Database L1 AWS RDS v1.6.0MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

Account Management - Review disabled user accountsTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

ACCESS CONTROL

Account Management - Review disabled user accountsTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

ACCESS CONTROL

Configure Allowed Authentication TypesTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Configure IPsec Tunnel Parameters - perfect-forward-secrecyTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Content of Audit Records - Configure disk logging - priority levelTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

AUDIT AND ACCOUNTABILITY

Content of Audit Records - Configure disk logging - priority levelTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

AUDIT AND ACCOUNTABILITY

Identification and Authentication - Use out of band authentication - AAA - netconf loggingTenable Cisco Viptela SD-WAN - vSmartCisco_Viptela

IDENTIFICATION AND AUTHENTICATION

Identification and Authentication - Use out of band authentication - Admin Authentication OrderTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

IDENTIFICATION AND AUTHENTICATION

Identification and Authentication - Use out of band authentication - Authentication OrderTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

IDENTIFICATION AND AUTHENTICATION

System Backup - Enable Backups - intervalTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

CONTINGENCY PLANNING

System Backup - Enable Backups - pathTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

CONTINGENCY PLANNING

System Use Notification - Banner motdTenable Cisco Viptela SD-WAN - vBondCisco_Viptela

ACCESS CONTROL

System Use Notification - Banner motdTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

ACCESS CONTROL

Time Stamps - Enable NTP - remote serverTenable Cisco Viptela SD-WAN - vManageCisco_Viptela

AUDIT AND ACCOUNTABILITY

Time Stamps - Enable NTP - timezoneTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

AUDIT AND ACCOUNTABILITY