Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1.2 Ensure 'Retain deleted items for the specified number of days' is set to '14'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

2.2.1.1 Set 'ntp authenticate'CIS Cisco IOS XR 7.x v1.0.1 L2Cisco

AUDIT AND ACCOUNTABILITY

2.2.9 Ensure 'External send connector authentication: IgnoreStartTLS' is set to 'False'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1.1 Set 'ntp authenticate'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

AUDIT AND ACCOUNTABILITY

2.3.2 Ensure 'Enable OOF messages to remote domains' is set to 'None'CIS Microsoft Exchange Server 2019 L2 Mailbox v1.0.0Windows

CONFIGURATION MANAGEMENT

2.3.3 Ensure 'Enable automatic replies to remote domains' is set to 'False'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

CONFIGURATION MANAGEMENT

3.1 Ensure 'Allow simple passwords' is set to 'False'CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure a fully-synchronized High Availability peer is configuredCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

CONFIGURATION MANAGEMENT

3.1.1 - AirWatch - Enable 'Require password'AirWatch - CIS Apple iOS 8 v1.0.0 L1MDM

ACCESS CONTROL

3.1.3 Set 'no interface tunnel'CIS Cisco IOS XE 17.x v2.2.0 L1Cisco

CONFIGURATION MANAGEMENT

3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)'AirWatch - CIS Apple iOS 9 v1.0.0 L1MDM

ACCESS CONTROL

3.2.1 (L1) Ensure DLP policies are enabledCIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

3.2.1 Ensure dccp kernel module is not availableCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Debian Linux 12 v1.1.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Red Hat EL8 Server L2 v3.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure dccp kernel module is not availableCIS Rocky Linux 8 Server L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

3.7 Ensure 'Refresh interval' is set to '1'CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0Windows

ACCESS CONTROL

3.10 Ensure 'Require password' is set to 'True'CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

4.1.6 Ensure custom Diffie-Hellman parameters are usedCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 NGWindows

AUDIT AND ACCOUNTABILITY

18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 NGWindows

AUDIT AND ACCOUNTABILITY

EX16-MB-000420 - The Exchange Send connector connections count must be limited.DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-MB-000048 - Exchange queue monitoring must be configured with threshold and action.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2Windows

AUDIT AND ACCOUNTABILITY

MS.EXO.1.1v1 - Automatic forwarding to external domains SHALL be disabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.2.2v2 - An SPF policy SHALL be published for each domain that fails all non-approved senders.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.1v1 - A DMARC policy SHALL be published for every second-level domain.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.4.2v1 - The DMARC message rejection option SHALL be p=reject.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.7.1v1 - External sender warnings SHALL be implemented.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.8.4v1 - At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.10.3v1 - Email scanning SHALL be capable of reviewing emails after delivery.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.1v2 - A spam filter SHALL be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.14.2v1 - Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.16.2v1 - The alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

MS.EXO.17.1v1 - Microsoft Purview Audit (Standard) logging SHALL be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

MS.EXO.17.2v1 - Microsoft Purview Audit (Premium) logging SHALL be enabled.CISA SCuBA Microsoft 365 Exchange Online v1.5.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

O121-P2-012800 - The DBMS must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).DISA STIG Oracle 12c v3r2 DatabaseOracleDB

IDENTIFICATION AND AUTHENTICATION

Prevent ignoring certificate errorsMSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Prevent ignoring certificate errorsMSCT Windows 10 1909 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Prevent ignoring certificate errorsMSCT Windows Server 2025 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Prevent ignoring certificate errorsMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

SPLK-CL-000170 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received.DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST APISplunk

AUDIT AND ACCOUNTABILITY

VCLD-80-000040 The vCenter VAMI service must restrict access to the web server's private key.DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000340 - Windows Server 2019 Access this computer from the network user right must only be assigned to the Administrators, Authenticated Users, and Enterprise Domain Controllers groups on domain controllers.DISA Microsoft Windows Server 2019 STIG v3r4Windows

ACCESS CONTROL

WN19-MS-000100 - Windows Server 2019 'Deny log on as a service' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts. No other groups or accounts must be assigned this right.DISA Microsoft Windows Server 2019 STIG v3r4Windows

ACCESS CONTROL

WN22-PK-000010 - Windows Server 2022 must have the DoD Root Certificate Authority (CA) certificates installed in the Trusted Root Store.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION