Item Search

Name	Audit Name	Plugin	Category
1.1 Verify all application software is current	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND INFORMATION INTEGRITY
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY
1.2 Enable Auto Update	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND INFORMATION INTEGRITY
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND INFORMATION INTEGRITY
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	CONFIGURATION MANAGEMENT
2.1.3 Show Bluetooth status in menu bar	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
2.4.3 Disable Screen Sharing	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.6.1 Enable FileVault - Encryption Type	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.6.2 Enable Gatekeeper	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
2.6.4 Enable Firewall Stealth Mode	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.7 Ensure remote access capabilities for the User-ID service account are forbidden.	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 0'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.1 Ensure a fully-synchronized High Availability peer is configured	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
3.1.1 Retain system.log for 90 or more days	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
3.1.2 Retain appfirewall.log for 90 or more days	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
4.4 Ensure http server is not running	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix
5.2.7 Password Age	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.5 Ensure alerts are enabled for malicious files detected by WildFire	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
5.8 Disable automatic login	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.11 Disable ability to login to another user's active and locked session	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.12 Create a custom message for the Login Screen	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.36 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
5.37 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
6.1.3 Disable guest account login	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
6.2 Ensure a secure antivirus profile is applied to all relevant security policies	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.13 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY
6.21 Ensure that 'Wildfire Inline ML' on antivirus profiles are set to enable for all file types	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	SYSTEM AND INFORMATION INTEGRITY
6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist	CIS Palo Alto Firewall 10 v1.2.0 L1	Palo_Alto	ACCESS CONTROL, MEDIA PROTECTION
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	ACCESS CONTROL
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 11 Stand-alone v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows Server 2016 v4.0.0 L1 MS	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'	CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	ACCESS CONTROL

Detections

Analytics

Item Search