Item Search

Name	Audit Name	Plugin	Category
5.12 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
18.4.6 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.5.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC	Windows	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	CONFIGURATION MANAGEMENT
18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.39.2 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	CONFIGURATION MANAGEMENT
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
Allow Trusted Locations on the network - ms project	MSCT M365 Apps for enterprise 2412 v1.0.0	Windows	CONFIGURATION MANAGEMENT
Apply UAC restrictions to local accounts on network logon	MSCT Windows 10 1803 v1.0.0	Windows	ACCESS CONTROL
Microsoft network server: Digitally sign communications (always)	MSCT Windows 11 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows Server 1903 DC v1.19.9	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows Server 1903 MS v1.19.9	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows Server v1909 DC v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows Server v1909 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows 11 v22H2 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows 10 v1507 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows 10 1903 v1.19.9	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows 10 v21H2 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Microsoft network server: Digitally sign communications (always)	MSCT Windows Server v2004 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines.	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix
WN10-CC-000020 - IPv6 source routing must be configured to highest protection.	DISA Microsoft Windows 10 STIG v3r4	Windows	CONFIGURATION MANAGEMENT
WN11-CC-000020 - IPv6 source routing must be configured to highest protection.	DISA Microsoft Windows 11 STIG v2r3	Windows	CONFIGURATION MANAGEMENT
WN11-CC-000025 - The system must be configured to prevent IP source routing.	DISA Microsoft Windows 11 STIG v2r3	Windows	CONFIGURATION MANAGEMENT
WN16-CC-000070 - Windows Server 2016 must be configured to ignore NetBIOS name release requests except from WINS servers.	DISA Microsoft Windows Server 2016 STIG v2r10	Windows	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

Item Search