Item Search

Name	Audit Name	Plugin	Category
1.1 Ensure the appropriate MongoDB software version/patches are installed	CIS MongoDB 6 v1.2.0 L1 MongoDB	Windows	CONFIGURATION MANAGEMENT
1.3.1 Pre-authentication Banner	CIS Cisco NX-OS v1.2.0 L1	Cisco	ACCESS CONTROL, CONFIGURATION MANAGEMENT
1.4.1 Enable Password Complexity Requirements for Local Credentials	CIS Cisco NX-OS v1.2.0 L1	Cisco	IDENTIFICATION AND AUTHENTICATION
1.7.2 Disable iPXE (Pre-boot eXecution Environment)	CIS Cisco NX-OS v1.2.0 L2	Cisco	ACCESS CONTROL, CONFIGURATION MANAGEMENT
1.8 (L2) Host integrated hardware management controller must secure authentication	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	ACCESS CONTROL
1.9.3 Configure source interface for SNMP Traps	CIS Cisco NX-OS v1.2.0 L1	Cisco	CONFIGURATION MANAGEMENT
1.9.4 Ensure Read Write privileges are not configured for SNMP	CIS Cisco NX-OS v1.2.0 L1	Cisco	CONFIGURATION MANAGEMENT, MAINTENANCE
1.10 (L2) Host hardware must enable Intel SGX, if available	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
1.12 (L2) Host integrated hardware management controller must deactivate internal networking	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT
2.3 Ensure authentication is enabled in the sharded cluster	CIS MongoDB 6 v1.2.0 L2 MongoDB	Windows	CONFIGURATION MANAGEMENT
2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.5 (L1) Host must only run binaries delivered via signed VIB	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
2.9 (L1) Host must not suppress warnings about unmitigated hyperthreading vulnerabilities	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	AUDIT AND ACCOUNTABILITY
2.10 (L1) Host must restrict inter-VM transparent page sharing	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
3.1 Ensure least privilege for database accounts	CIS MongoDB 6 v1.2.0 L1 MongoDB	MongoDB	ACCESS CONTROL
3.1.3.1 Set Interfaces with no Peers to Passive-Interface	CIS Cisco NX-OS v1.2.0 L1	Cisco	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.1.4.2 Create and use a single Loopback Address for Routing Protocol Peering	CIS Cisco NX-OS v1.2.0 L2	Cisco	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.1.4.3 Use Unicast Routing Protocols Only	CIS Cisco NX-OS v1.2.0 L2	Cisco	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.2 Ensure that role-based access control is enabled and configured appropriately - users	CIS MongoDB 5 L1 DB v1.2.0	MongoDB	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
3.2.5 Disable IP Source-Routing	CIS Cisco NX-OS v1.2.0 L1	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account	CIS MongoDB 6 v1.2.0 L1 MongoDB	Unix	ACCESS CONTROL
3.4 (L1) Host must deactivate SLP	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
3.4.1 Configure LLDP	CIS Cisco NX-OS v1.2.0 L1	Cisco	SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
3.4.2 Configure CDP	CIS Cisco NX-OS v1.2.0 L2	Cisco	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5 (L1) Host must deactivate CIM	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
3.5 Review Superuser/Admin Roles - readWriteAnyDatabase	CIS MongoDB 5 L2 DB v1.2.0	MongoDB	ACCESS CONTROL
3.6 (L1) Host should deactivate SNMP	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
3.25 (L1) Host must display a login banner for SSH connections	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
4.4 (L1) Host must set the logging informational level to info	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	AUDIT AND ACCOUNTABILITY
4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
5.3 (L1) Host must restrict use of the dvFilter network API	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
5.8 (L1) Host should reject promiscuous mode requests on standard virtual switches and port groups	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.9 (L1) Host must restrict access to a default or native VLAN on standard virtual switches	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.2.1 (L1) Host must isolate storage communications	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
6.3 Ensure that server-side scripting is disabled if not needed	CIS MongoDB 6 v1.2.0 L2 MongoDB	Unix	CONFIGURATION MANAGEMENT
6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT
6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings	CIS VMware ESXi 8.0 v1.2.0 L1	Unix	CONFIGURATION MANAGEMENT, MAINTENANCE
7.7 (L1) Virtual machines must limit PCI/PCIe device passthrough functionality	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
7.11 (L1) Virtual machines must remove unnecessary AHCI devices	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
7.19 (L1) Virtual machines must deactivate console paste operations	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
8.4 (L2) VMware Tools on deployed virtual machines must prevent being recustomized	CIS VMware ESXi 8.0 v1.2.0 L2	VMware	CONFIGURATION MANAGEMENT, MAINTENANCE
8.12 (L1) VMware Tools must limit the use of MSI transforms when reconfiguring VMware Tools	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT
8.13 (L1) VMware Tools must enable VMware Tools logging	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search