Item Search

Name	Audit Name	Plugin	Category
2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED'	CIS Oracle Server 18c Windows v1.1.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.5.1.2.3 Ensure 'Enable RPC encryption' is set to 'Enabled'	CIS Microsoft Office Enterprise v1.2.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.5.14.2.4 Ensure 'Message Formats' is set to 'Enabled: S/MIME'	CIS Microsoft Office Enterprise v1.2.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.5.14.2.5 Ensure 'Minimum encryption settings' is set to 'Enabled: 256'	CIS Microsoft Office Enterprise v1.2.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.1 Do Not Specify Passwords in the Command Line	CIS PostgreSQL 13 DB v1.2.0	PostgreSQLDB	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.10 Ensure Weak SSL/TLS Ciphers Are Disabled	CIS PostgreSQL 13 OS v1.2.0	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.57.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Big Sur v1.4.0 - 800-53r5 Low	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Big Sur v1.4.0 - All Profiles	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Big Sur - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Big Sur v1.4.0 - CNSSI 1253	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1.	DISA STIG Cisco ASA VPN v2r2	Cisco	ACCESS CONTROL
CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections.	DISA STIG Cisco ASA VPN v2r2	Cisco	ACCESS CONTROL
CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use AES256 or greater encryption for the IPsec security association to protect the confidentiality of remote access sessions - AES encryption for the IPsec security association to protect the confidentiality of remote access sessions.	DISA STIG Cisco ASA VPN v2r2	Cisco	ACCESS CONTROL
Catalina - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Catalina v1.5.0 - All Profiles	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Catalina - Limit SSH to FIPS 140 Validated Ciphers	NIST macOS Catalina v1.5.0 - 800-53r5 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Catalina - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	NIST macOS Catalina v1.5.0 - 800-53r4 High	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Catalina - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
CNTR-K8-000180 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.	DISA STIG Kubernetes v2r2	Unix	ACCESS CONTROL
EX19-MB-000006 - Exchange must use encryption for RPC client access.	DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2	Windows	ACCESS CONTROL
KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use.	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1	MDM	ACCESS CONTROL
KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use.	AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1	MDM	ACCESS CONTROL
KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use.	MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1	MDM	ACCESS CONTROL
SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipher	DISA Symantec ProxySG Benchmark ALG v1r3	BlueCoat	ACCESS CONTROL

Detections

Analytics

Item Search