Item Search

NameAudit NamePluginCategory
1.1.12 Add noexec Option to Removable Media PartitionsCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.13 Add nosuid Option to Removable Media PartitionsCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Ensure the container host has been HardenedCIS Docker Community Edition v1.1.0 L1 Linux Host OSUnix

CONFIGURATION MANAGEMENT

2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.8.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel)CIS Apple macOS 11.0 Big Sur v4.0.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS PermissionsCIS IBM DB2 v10 v1.1.0 Windows OS Level 1Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS PermissionsCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS PermissionCIS IBM DB2 v10 v1.1.0 Linux OS Level 1Unix
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS PermissionsCIS IBM DB2 v10 v1.1.0 Windows OS Level 1Windows
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS PermissionsCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows
18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

ALMA-09-006840 - AlmaLinux OS 9 must have the sudo package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-006845 - AlmaLinux OS 9 must have the postfix package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-019380 - AlmaLinux OS 9 must log packets with impossible addresses.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

CONFIGURATION MANAGEMENT

ALMA-09-029720 - AlmaLinux OS 9 must be configured to disable Bluetooth.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

CONFIGURATION MANAGEMENT

ALMA-09-031700 - AlmaLinux OS 9 must have the firewalld package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ALMA-09-034120 - AlmaLinux OS 9 SSHD must not allow blank passwords.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

IDENTIFICATION AND AUTHENTICATION

ALMA-09-041490 - AlmaLinux OS 9 systemd-journald service must be enabled.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

ALMA-09-042040 - AlmaLinux OS 9 must have the policycoreutils package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

ALMA-09-055240 - AlmaLinux OS 9 must have the chrony package installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

AUDIT AND ACCOUNTABILITY

ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-L2-000220 - The Arista MLS layer 2 switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts.DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

GEN005507 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.DISA STIG Solaris 10 X86 v2r4Unix

ACCESS CONTROL

GEN005507 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.DISA STIG Solaris 10 SPARC v2r4Unix

ACCESS CONTROL

JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

CONFIGURATION MANAGEMENT

JUEX-L2-000160 - The Juniper EX switch must be configured to enable IGMP or MLD Snooping on all VLANs.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

CONFIGURATION MANAGEMENT

JUEX-L2-000230 - The Juniper EX switch must be configured to set all user-facing or untrusted ports as access interfaces.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

CONFIGURATION MANAGEMENT

MYS8-00-003100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

AUDIT AND ACCOUNTABILITY

MYS8-00-007400 - The MySQL Database Server 8.0 and associated applications must reserve the use of dynamic code execution for situations that require it.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

SYSTEM AND INFORMATION INTEGRITY

MYS8-00-009900 - The MySQL Database Server 8.0 must provide an immediate real-time alert to appropriate support staff of all audit log failures.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

AUDIT AND ACCOUNTABILITY

MYS8-00-010500 - The MySQL Database Server 8.0 must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

ACCESS CONTROL

O121-C2-018600 - The DBMS must automatically terminate emergency accounts after an organization-defined time period for each type of account.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

CONFIGURATION MANAGEMENT

RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

SLES-15-030080 - The SUSE operating system must generate audit records for all uses of the gpasswd command.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

SLES-15-030470 - The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

SLES-15-030480 - The SUSE operating system must generate audit records for all modifications to the lastlog file.DISA SLES 15 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

SRG-OS-99999-ESXI5-000143 - The system must enable SSL for NFC.DISA STIG VMWare ESXi Server 5 STIG v2r1VMware

CONFIGURATION MANAGEMENT

UBTU-16-020400 - Successful/unsuccessful uses of the ssh-agent command must generate an audit record.DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020460 - The audit system must be configured to audit any usage of the setxattr system call - root b32DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020530 - Successful/unsuccessful uses of the fchown command must generate an audit record - b64DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020560 - Successful/unsuccessful uses of the chmod command must generate an audit record.DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020590 - Successful/unsuccessful uses of the open command must generate an audit record - EPERM b64DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020730 - Successful/unsuccessful modifications to the tallylog file must generate an audit record.DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE

UBTU-16-020770 - Successful/unsuccessful uses of the unix_update command must generate an audit record.DISA STIG Ubuntu 16.04 LTS v2r3Unix

AUDIT AND ACCOUNTABILITY, MAINTENANCE