Item Search

Name	Audit Name	Plugin	Category
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod	CIS Debian 8 Server L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	CIS Debian 8 Server L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe	CIS Debian 8 Workstation L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
1.1.9 Ensure noexec option set on /var/tmp partition	CIS Debian 8 Server L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
1.1.16 Ensure noexec option set on /dev/shm partition	CIS Debian 8 Server L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
1.1.19 Ensure noexec option set on removable media partitions	CIS Debian 8 Workstation L1 v2.0.2	Unix	CONFIGURATION MANAGEMENT
2.5 (L1) Host must only run binaries delivered via signed VIB	CIS VMware ESXi 8.0 v1.2.0 L1	VMware	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
2.5.4 Audit Location Services Access	CIS Apple macOS 12.0 Monterey v4.0.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.5.4 Audit Location Services Access	CIS Apple macOS 10.14 v2.0.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.5.4 Audit Location Services Access	CIS Apple macOS 11.0 Big Sur v4.0.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.5.4 Audit Location Services Access	CIS Apple macOS 10.15 Catalina v3.0.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.6.1.1 Audit iCloud Configuration	CIS Apple macOS 10.14 v2.0.0 L2	Unix	ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.6.1.3 Audit Location Services Access	CIS Apple macOS 14.0 Sonoma v2.1.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.6.1.3 Audit Location Services Access	CIS Apple macOS 15.0 Sequoia v1.1.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.6.1.3 Audit Location Services Access	CIS Apple macOS 13.0 Ventura v3.1.0 L2	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 10.15 Catalina v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 12.0 Monterey v4.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 11.0 Big Sur v4.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 15.0 Sequoia v1.1.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 13.0 Ventura v3.1.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled	CIS Apple macOS 14.0 Sonoma v2.1.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.2 Ensure System Integrity Protection Status (SIPS) Is Enabled	CIS Apple macOS 10.14 v2.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 10.15 Catalina v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 11.0 Big Sur v4.0.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 12.0 Monterey v4.0.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 13.0 Ventura v3.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 14.0 Sonoma v2.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled	CIS Apple macOS 15.0 Sequoia v1.1.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.3 Ensure Apple Mobile File Integrity Is Enabled	CIS Apple macOS 10.14 v2.0.0 L1	Unix	CONFIGURATION MANAGEMENT
5.1.4 Ensure Library Validation Is Enabled	CIS Apple macOS 10.14 v2.0.0 L1	Unix	CONFIGURATION MANAGEMENT
6.12 Ensure that 'User consent for applications' is set to 'Do not allow user consent'	CIS Microsoft Azure Foundations v4.0.0 L1	microsoft_azure	ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION
6.13 Ensure that 'User consent for applications' is set to 'Allow user consent for apps from verified publishers, for selected permissions'	CIS Microsoft Azure Foundations v4.0.0 L2	microsoft_azure	CONFIGURATION MANAGEMENT
6.14 Ensure that 'Users can register applications' is set to 'No'	CIS Microsoft Azure Foundations v4.0.0 L1	microsoft_azure	ACCESS CONTROL, CONFIGURATION MANAGEMENT
20.3 (L1) Ensure 'Microsoft Internet Explorer is not installed on the system'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
JUSX-DM-000165 - The Juniper SRX Services Gateway must reveal log messages or management console alerts only to the ISSO, ISSM, and SA roles).	DISA Juniper SRX Services Gateway NDM v3r3	Juniper	CONFIGURATION MANAGEMENT
MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.	CISA SCuBA Microsoft 365 Defender v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.POWERPLATFORM.4.1v1 - Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps.	CISA SCuBA Microsoft 365 Power Platform v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.POWERPLATFORM.5.1v1 - The ability to create Power Pages sites SHOULD be restricted to admins.	CISA SCuBA Microsoft 365 Power Platform v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.1.1v1 - External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.2.2v1 - File and folder default sharing permissions SHALL be set to View.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.3.2v1 - The allowable file and folder permissions for links SHALL be set to View only.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.SHAREPOINT.3.3v1 - Reauthentication days for people who use a verification code SHALL be set to 30 days or less.	CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII)	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.8.1v1 - URL comparison with a blocklist SHOULD be enabled.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
MS.TEAMS.8.2v1 - User click tracking SHOULD be enabled.	CISA SCuBA Microsoft 365 Teams v1.5.0	microsoft_azure	ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search