Item Search

Name	Audit Name	Plugin	Category
1.1 Keep ESXi system properly patched	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
1.2 Verify Image Profile and VIB Acceptance Levels	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
1.3 Verify no unauthorized kernel modules are loaded on the host	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled	CIS Microsoft 365 Foundations v5.0.0 L2 E5	microsoft_azure	SYSTEM AND INFORMATION INTEGRITY
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
2.4 Do not use default self-signed certificates for ESXi communication	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
2.5 Disable client facing Stack Traces - check for defined exception type	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
4.2 Restrict access to $CATALINA_BASE	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.12 Restrict access to Tomcat server.xml	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.2 Use LockOut Realms	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
5.7 Set a timeout to automatically terminate idle ESXi Shell and SSH sessions	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG	Windows	CONFIGURATION MANAGEMENT
5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG	Windows	CONFIGURATION MANAGEMENT
6.1 Setup Client-cert Authentication	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	IDENTIFICATION AND AUTHENTICATION
6.3 Ensure scheme is set accurately	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
7.5 Ensure that port groups are not configured to VLAN values reserved by upstream physical switches	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
7.6 Ensure directory in logging.properties is a secure location - check log directory location	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL
8.2.6 Prevent unauthorized removal and modification of devices.	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
8.4.25 Disable VM Console Drag and Drop operations	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
8.4.27 Disable VM Console Paste operations	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
8.4.28 Control access to VM console via VNC protocol	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
8.6.2 Disable virtual disk shrinking	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
8.7.2 Limit number of VM log files	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	AUDIT AND ACCOUNTABILITY
10.5 Rename the manager application - host-manager/manager.xml	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.7 Turn off session facade recycling	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.9 Configure connectionTimeout	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.12 Do not allow symbolic linking	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
10.17 Setting Security Lifecycle Listener - check for umask present in startup	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL
17.7.3 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	AUDIT AND ACCOUNTABILITY
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	IDENTIFICATION AND AUTHENTICATION
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2022 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2022 v4.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 11 Enterprise v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.8 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.10.10.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.8 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker	Windows	CONFIGURATION MANAGEMENT
81.37 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search