Item Search

Name	Audit Name	Plugin	Category
2.2.3 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.2.8 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only)	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	ACCESS CONTROL
2.2.9 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only) - Administrators, Remote Desktop Users	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS	Windows	ACCESS CONTROL
2.2.12 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.14 (L1) Ensure 'Create a token object' is set to 'No One'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.24 (L1) Ensure 'Deny log on locally' to include 'Guests'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.40 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.45 (L1) Ensure 'Restore files and directories' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.4.2 (L1) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.6 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.4.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.5 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.34.6.1 (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.8.1 (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	MEDIA PROTECTION
18.9.8.3 (L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	MEDIA PROTECTION
18.9.16.1 (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.25.8 (L1) Ensure 'System SEHOP' is set to 'Enabled: Application Opt-Out'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.27.3.2 (L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.27.4.2 (L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.59.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L2	Windows	CONFIGURATION MANAGEMENT
18.9.59.3.2.1 Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	CONFIGURATION MANAGEMENT
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.90.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
18.9.102.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.108.1.1 (L1) Ensure 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.9.108.1.4 (L1) Ensure 'Reschedule Automatic Updates scheduled installations' is set to 'Enabled: 1 minute'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.9.108.2.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.10.43.10.1 (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
20.10 Ensure 'Active Directory SYSVOL directory must have the proper access control permissions' (STIG DC only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL

Detections

Analytics

Item Search