Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfaceCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.2 Ensure 'ACCEPT_MD5_CERTS' Is Configured CorrectlyCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.1 Ensure 'ACCEPT_MD5_CERTS' Is NOT SETCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OSUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.2 Ensure 'ACCEPT_SHA1_CERTS' Is NOT SetCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OSUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.3 Ensure 'ALLOWED_WEAK_CERT_ALGORITHMS' Is NOT SetCIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.8 Ensure 'SQLNET.ENCRYPTION_TYPES_CLIENT' Is Set To 'AES256'CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.11 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set To 'REQUIRED'CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OSUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member ServerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member ServerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.13 Require Client-Side Certificates (X.509)CIS MySQL 5.7 Community Database L2 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.13 Require Client-Side Certificates (X.509)CIS MySQL 5.7 Enterprise Database L2 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.2 Ensure a trusted certificate and trust chain is installedCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.2 Ensure a trusted certificate and trust chain is installedCIS NGINX Benchmark v2.1.0 L1 WebserverUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.4 Ensure only modern TLS protocols are usedCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.5 Disable weak ciphersCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.6 Ensure custom Diffie-Hellman parameters are usedCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.6 Ensure custom Diffie-Hellman parameters are usedCIS NGINX Benchmark v2.1.0 L1 WebserverUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.9 Ensure upstream server traffic is authenticated with a client certificateCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.12 Ensure session resumption is disabled to enable perfect forward securityCIS NGINX Benchmark v2.1.0 L2 WebserverUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are LeveragedCIS NGINX Benchmark v2.1.0 L2 LoadbalancerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.13 Ensure only strong Ciphers are usedCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.13 Ensure only strong Ciphers are usedCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.14 Ensure only strong Ciphers are used - approved ciphersCIS Red Hat 6 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabledCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'old_passwords' Is Not Set to '1' - ONCIS MySQL 5.6 Enterprise Database L1 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2022 Database L1 DB v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure Network Encryption is Configured and EnabledCIS SQL Server 2017 Database L2 DB v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functionalCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functional - archive_modeCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure streaming replication parameters are configured correctlyCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'have_ssl' Is Set to 'YES'CIS MySQL 5.6 Community Database L1 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'have_ssl' Is Set to 'YES'CIS MySQL 5.6 Enterprise Database L1 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote UsersCIS MySQL 5.7 Community Database L1 v2.0.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure Replication Traffic is SecuredCIS MySQL 5.7 Community Windows OS L1 v2.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 10 L1 v1.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.11 Force SSL for all applicationsCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.11 Force SSL for all applicationsCIS Apache Tomcat 9 L2 v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.11 Force SSL for all applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION