Item Search

Name	Audit Name	Plugin	Category
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.2.6 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.15 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.40 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.10.4 (L2) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.17.6 (L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.6 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.9 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
17.5.1 (L1) Ensure 'Audit Account Lockout' is set to include 'Failure'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
17.7.1 (L1) Ensure 'Audit Audit Policy Change' is set to include 'Success'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT, RISK ASSESSMENT
18.4.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.5.12 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.7.6 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.9.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher	CIS Microsoft Windows Server 2025 v1.0.0 NG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.5.3 (NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'	CIS Microsoft Windows Server 2025 v1.0.0 NG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only)	CIS Microsoft Windows Server 2025 v1.0.0 NG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.9.26.2 (NG) Ensure 'Configures LSASS to run as a protected process' is set to 'Enabled: Enabled with UEFI Lock'	CIS Microsoft Windows Server 2025 v1.0.0 NG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.27.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.9.27.5 (L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.9.33.6.2 (L2) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.7.3 (L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	MEDIA PROTECTION
18.10.26.3.1 (L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.10.43.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.11.1.1.1 (L2) Ensure 'Configure Brute-Force Protection aggressiveness' is set to 'Enabled: Medium' or higher	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.81.3 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.82.1 (L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.87.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.87.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	AUDIT AND ACCOUNTABILITY
18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.10.93.2.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
19.7.25.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, MEDIA PROTECTION

Detections

Analytics

Item Search