Item Search

NameAudit NamePluginCategory
ESXI-70-000008 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH).DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

ACCESS CONTROL

ESXI-70-000025 - The ESXi host Secure Shell (SSH) daemon must not permit tunnels.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

AUDIT AND ACCOUNTABILITY

ESXI-70-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

ESXI-70-000076 - The ESXi host must enable Secure Boot.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

ESXI-70-000083 - The ESXi host OpenSLP service must be disabled.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

ESXI-70-000085 - The ESXi host must enable strict x509 verification for SSL syslog endpoints.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

ESXI-70-000093 - The ESXi host must not be configured to override virtual machine (VM) logger settings.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

ESXI-80-000010 - The ESXi host client must be configured with an idle session timeout.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

ACCESS CONTROL

ESXI-80-000160 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-80-000191 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH).DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

ACCESS CONTROL

ESXI-80-000234 - The ESXi host must enable strict x509 verification for SSL syslog endpoints.DISA VMware vSphere 8.0 ESXi STIG v2r3VMware

CONFIGURATION MANAGEMENT

FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows.DISA STIG Mozilla Firefox Linux v6r6Unix

CONFIGURATION MANAGEMENT

FFOX-00-000026 - Firefox extension recommendations must be disabled.DISA STIG Mozilla Firefox Linux v6r6Unix

CONFIGURATION MANAGEMENT

FFOX-00-000029 - The Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.DISA STIG Mozilla Firefox Linux v6r6Unix

CONFIGURATION MANAGEMENT

FFOX-00-000034 - Firefox accounts must be disabled.DISA STIG Mozilla Firefox Linux v6r6Unix

CONFIGURATION MANAGEMENT

FFOX-00-000039 - Firefox Studies must be disabled.DISA STIG Mozilla Firefox Linux v6r6Unix

CONFIGURATION MANAGEMENT

WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-00-000032 - Windows 11 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.DISA Microsoft Windows 11 STIG v2r3Windows

IDENTIFICATION AND AUTHENTICATION

WN11-00-000120 - The TFTP Client must not be installed on the system.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-00-000230 - The system must notify the user when a Bluetooth device attempts to connect.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-AC-000010 - The number of allowed bad logon attempts must be configured to three or less.DISA Microsoft Windows 11 STIG v2r3Windows

ACCESS CONTROL

WN11-AU-000083 - Windows 11 must be configured to audit Object Access - Other Object Access Events successes.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-AU-000107 - The system must be configured to audit Policy Change - Authorization Policy Change successes.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-AU-000130 - The system must be configured to audit System - Other System Events successes.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-AU-000520 - Windows 11 permissions for the Security event log must prevent access by non-privileged accounts.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-AU-000580 - Windows 11 must be configured to audit MPSSVC Rule-Level Policy Change Failures.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-CC-000005 - Camera access from the lock screen must be disabled.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000020 - IPv6 source routing must be configured to highest protection.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000050 - Hardened UNC Paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000070 - Virtualization-based Security must be enabled on Windows 11 with the platform security level configured to Secure Boot or Secure Boot with DMA Protection.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000195 - Enhanced anti-spoofing for facial recognition must be enabled on Windows 11.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000204 - Enhanced diagnostic data must be limited to the minimum required to support Windows Analytics.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000255 - The use of a hardware security device with Windows Hello for Business must be enabled.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000260 - Windows 11 must be configured to require a minimum pin length of six characters or greater.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000327 - PowerShell Transcription must be enabled on Windows 11.DISA Microsoft Windows 11 STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

WN11-CC-000365 - Windows 11 must be configured to prevent Windows apps from being activated by voice while the system is locked.DISA Microsoft Windows 11 STIG v2r3Windows

ACCESS CONTROL

WN11-SO-000060 - The system must be configured to require a strong session key.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-SO-000215 - The system must be configured to meet the minimum session security requirement for NTLM SSP based clients.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-SO-000250 - User Account Control must prompt administrators for consent on the secure desktop.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-SO-000260 - User Account Control must be configured to detect application installations and prompt for elevation.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-SO-000270 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC.DISA Microsoft Windows 11 STIG v2r3Windows

IDENTIFICATION AND AUTHENTICATION

WN11-UC-000020 - Zone information must be preserved when saving attachments.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-UR-000075 - The 'Deny log on as a batch job' user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts.DISA Microsoft Windows 11 STIG v2r3Windows

ACCESS CONTROL

WN22-MS-000090 - Windows Server 2022 Deny log on as a batch job user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL

WN22-SO-000150 - Windows Server 2022 Smart Card removal option must be configured to Force Logoff or Lock Workstation.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-SO-000390 - Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.DISA Microsoft Windows Server 2022 STIG v2r4Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN22-SO-000440 - Windows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode, enabling UAC.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION

WN22-UR-000030 - Windows Server 2022 Allow log on locally user right must only be assigned to the Administrators group.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL