Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

ACCESS CONTROL

2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'CIS Windows 7 Workstation Level 1 v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.10.4 (L2) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

9.3.6 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.1.2 (L1) Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.7.2 (L1) Ensure 'Audit Authentication Policy Change' is set to include 'Success'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.7.3 (L1) Ensure 'Audit Authorization Policy Change' is set to include 'Success'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.3.7 (L1) Ensure 'Limits print driver installation to Administrators' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.4.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.4.12 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.20.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.21.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.10 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.11 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.14 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.25.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.25.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.27.1.1 (L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.2.1 (L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.3.1 (L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.31.4 (L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.47.4.1 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.65.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.65.3.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

ACCESS CONTROL

18.9.90.3 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.100.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.108.1.4 (L1) Ensure 'Reschedule Automatic Updates scheduled installations' is set to 'Enabled: 1 minute'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.108.2.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

19.7.28.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, MEDIA PROTECTION

CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.DISA Cisco IOS XE Router NDM STIG v3r4Cisco

IDENTIFICATION AND AUTHENTICATION

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUPDISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - DATABASE_PERMISSION_CHANGE_GROUPDISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - DATABASE_ROLE_MEMBER_CHANGE_GROUPDISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 42DISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 105DISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 110DISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - Event ID 173DISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036900 - SQL Server must generate Trace or Audit records when privileges/permissions are deleted - SCHEMA_OBJECT_ACCESS_GROUPDISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY