Item Search

Name	Audit Name	Plugin	Category
1.2.29 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	CIS Kubernetes v1.11.1 L1 Master Node	Unix	CONFIGURATION MANAGEMENT
1.2.31 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master	Unix	CONFIGURATION MANAGEMENT
1.3 (L1) Host hardware must enable Intel TXT, if available	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
1.3.4 (L1) Ensure 'User owned apps and services' is restricted	CIS Microsoft 365 Foundations v5.0.0 L1 E5	microsoft_azure	CONFIGURATION MANAGEMENT
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.7.2 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.7.2 Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL
2.3.7.2 Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server	Windows	ACCESS CONTROL
2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	CONFIGURATION MANAGEMENT
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
2.4.6 Ensure 'Maximum number of failed attempts' is set to '6'	AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL
2.4.6 Ensure 'Maximum number of failed attempts' is set to '6'	MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned	MDM	ACCESS CONTROL
2.4.6 Ensure 'Maximum number of failed attempts' is set to '6'	AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1	MDM	ACCESS CONTROL
2.11 (L1) Host must use sufficient entropy for cryptographic operations	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
2.12 (L2) Host must enable volatile key destruction	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
3.1.2 Ensure packet redirect sending is disabled - 'net.ipv4.conf.all.send_redirects = 0'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.2 Ensure packet redirect sending is disabled - systctl net.ipv4.conf.all.send_redirects	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route = 0'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.all.accept_source_route	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.all.accept_source_route	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.5 Ensure broadcast ICMP requests are ignored - 'net.ipv4.icmp_echo_ignore_broadcasts = 1'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.6 Ensure bogus ICMP responses are ignored - 'net.ipv4.icmp_ignore_bogus_error_responses = 1'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.all.rp_filter = 1	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.default.accept_ra = 0	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_ra	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
3.24 (L1) Host must display a login banner for the DCUI and Host Client	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker	Unix	CONFIGURATION MANAGEMENT
6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
10.5 Rename the manager application - host-manager/manager.xml	CIS Apache Tomcat 10 L2 v1.1.0	Unix	CONFIGURATION MANAGEMENT
10.5 Rename the manager application - host-manager/manager.xml	CIS Apache Tomcat 10 L2 v1.1.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.5 Rename the manager application - webapps/manager	CIS Apache Tomcat 10 L2 v1.1.0	Unix	CONFIGURATION MANAGEMENT
10.7 Turn off session facade recycling	CIS Apache Tomcat 9 L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters	CIS Apache Tomcat 11 v1.0.0 L2	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters	CIS Apache Tomcat 10.1 v1.1.0 L2	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH	CIS Apache Tomcat 10 L2 v1.1.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH	CIS Apache Tomcat 9 L2 v1.2.0	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH	CIS Apache Tomcat 10 L2 v1.1.0	Unix	CONFIGURATION MANAGEMENT
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	CONFIGURATION MANAGEMENT
18.10.37.1.1 (L2) Ensure 'Turn off Windows Location Provider' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search