Item Search

Name	Audit Name	Plugin	Category
2.2.2 Ensure 'Maximum send size: Organization level' is set to '25'	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
2.2.5 Ensure 'Maximum receive size: Connector level' is set to '25'	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.10 Ensure RC4 Cipher Suites is disabled	CIS IIS 8.0 v1.5.1 Level 1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.10 Ensure RC4 Cipher Suites is disabled - RC4 40/128	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.13 Ensure AES 256/256 Cipher Suite is enabled - Enabled	CIS IIS 8.0 v1.5.1 Level 1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.39.2 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	CONFIGURATION MANAGEMENT
18.9.39.2 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2	Windows	CONFIGURATION MANAGEMENT
18.9.59.3.2.1 Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (L1) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.4 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN12-GE-000020 - Software certificate installation files must be removed from Windows 2012/2012 R2.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search