Item Search

Name	Audit Name	Plugin	Category
2.2.21 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account and member of Administrators group' (MS only)	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.21 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only)	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
5.12 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.13 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.13 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	CONFIGURATION MANAGEMENT
5.13 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	CONFIGURATION MANAGEMENT
5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG	Windows	CONFIGURATION MANAGEMENT
18.9.11.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.9.2.4 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	CONFIGURATION MANAGEMENT
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	CONFIGURATION MANAGEMENT
20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	AUDIT AND ACCOUNTABILITY
20.30 Ensure 'FTP servers must be configured to prevent anonymous logons'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
81.13 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
81.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	CONFIGURATION MANAGEMENT
DTOO280 - Outlook must be configured to force authentication when connecting to an Exchange server.	DISA STIG Microsoft Outlook 2013 v1r14	Windows	IDENTIFICATION AND AUTHENTICATION
Network security: Do not store LAN Manager hash value on next password change	MSCT Windows 11 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Network security: Do not store LAN Manager hash value on next password change	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Network security: Do not store LAN Manager hash value on next password change	MSCT Windows Server 2022 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION

Detections

Analytics

Item Search