Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.1 Ensure mounting of UDF filesystems is disabledCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.1 Ensure dm-verity is configuredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.1 Ensure setuid programs do not create core dumpsCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.2 Ensure address space layout randomization (ASLR) is enabledCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure Lockdown is configuredCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4 Ensure External Users' role is set to 'No Access'CIS F5 Networks v1.0.0 L2F5

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.1 Ensure IP forwarding is disabled - ipv4 sysctlCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.1 Ensure IP forwarding is disabled - ipv6 /etc/sysctl.conf /etc/sysctl.d/*CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.2 Ensure packet redirect sending is disabled - default /etc/sysctl.conf /etc/sysctl.d/*CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not accepted - files 'net.ipv4.conf.default.accept_source_route = 0'CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.all.accept_source_route = 0CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not acceptedCIS Bottlerocket L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv4.conf.all.accept_redirects= 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv4.conf.default.accept_redirects= 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirectsCIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.all.accept_redirectsCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.3 Ensure secure ICMP redirects are not accepted - files net.ipv4.conf.all.secure_redirects = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.default.secure_redirects = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.5 Ensure broadcast ICMP requests are ignored - files net.ipv4.icmp_echo_ignore_broadcasts = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.5 Ensure broadcast ICMP requests are ignored - files net.ipv4.icmp_echo_ignore_broadcasts = 1CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.5 Ensure broadcast ICMP requests are ignored - net.ipv4.icmp_echo_ignore_broadcasts = 1CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.6 Ensure bogus ICMP responses are ignoredCIS Bottlerocket L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.6 Ensure bogus ICMP responses are ignored - files net.ipv4.icmp_ignore_bogus_error_responses = 1CIS Debian 8 Server L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.6 Ensure bogus ICMP responses are ignored - net.ipv4.icmp_ignore_bogus_error_responses = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - files net.ipv4.conf.all.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - files net.ipv4.conf.default.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.all.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.default.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connectionsCIS F5 Networks v1.0.0 L1F5

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessionsCIS F5 Networks v1.0.0 L1F5

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.1.4 Ensure inactive password lock is 30 days or less - usersCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configuredCIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

Big Sur - Disable FaceTime.appNIST macOS Big Sur v1.4.0 - 800-171Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable FaceTime.appNIST macOS Big Sur v1.4.0 - 800-53r4 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable FaceTime.appNIST macOS Big Sur v1.4.0 - CNSSI 1253Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Messages AppNIST macOS Big Sur v1.4.0 - 800-53r4 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Messages AppNIST macOS Big Sur v1.4.0 - 800-53r4 ModerateUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Messages AppNIST macOS Big Sur v1.4.0 - 800-53r5 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Messages AppNIST macOS Big Sur v1.4.0 - All ProfilesUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Siri Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - 800-171Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Siri Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - 800-53r4 ModerateUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Siri Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - CNSSI 1253Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Catalina - Disable FaceTime.appNIST macOS Catalina v1.5.0 - 800-53r4 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Catalina - Disable Messages AppNIST macOS Catalina v1.5.0 - All ProfilesUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Catalina - Disable Messages AppNIST macOS Catalina v1.5.0 - 800-171Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Monterey - Disable SiriNIST macOS Monterey v1.0.0 - 800-171Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Disable SiriNIST macOS Monterey v1.0.0 - 800-53r4 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Disable SiriNIST macOS Monterey v1.0.0 - 800-53r4 ModerateUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Disable SiriNIST macOS Monterey v1.0.0 - 800-53r5 ModerateUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION