Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.6.1 - TCP/IP Tuning - 'ipsrcrouteforward = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.10 - TCP/IP Tuning - 'bcastping = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.15 - TCP/IP Tuning - 'tcp_tcpsecure = 7'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.7.4 - SNMP - restrict public community access - 'all communities have IP access restrictions'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.msg.en_US is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Restrict Query Origins 'mynets'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure TCP Wrappers is installedCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1 Ensure TCP Wrappers is installedCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.2 Ensure iptables-services not installed with firewalldCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.2 Ensure firewalld is either not installed or masked with nftablesCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.2 Ensure firewalld is either not installed or masked with nftablesCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.3 Ensure iptables-services not installed with nftablesCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3 Ensure /etc/hosts.deny is configuredCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.1.2 Ensure nftables is not installed with iptablesCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.2.1 Ensure default deny firewall policy - 'Chain FORWARD'CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.3.4 Ensure IPv6 firewall rules exist for all open portsCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure IPv6 default deny firewall policy - Chain FORWARDCIS Distribution Independent Linux Server L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure IPv6 default deny firewall policy - Chain INPUTCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.1 Ensure default deny firewall policy - Chain INPUTCIS Distribution Independent Linux Server L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.2 Ensure loopback traffic is configured - OUTPUTCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.3 Ensure iptables-services not installed with nftablesCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.3 Ensure outbound and established connections are configuredCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.2 Ensure nftables is not installed with iptablesCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.3 Ensure firewalld is either not installed or masked with iptablesCIS Amazon Linux 2 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1.3 Ensure ufw service is enabled - systemctlCIS Debian Family Workstation L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.6.2.9 Ensure nftables service is enabledCIS Debian Family Workstation L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.6.3.3.3 Ensure IPv6 outbound and established connections are configuredCIS Debian Family Server L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.6.3.3.4 Ensure IPv6 firewall rules exist for all open portsCIS Debian Family Server L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.6.4.2.4 Ensure IPv6 firewall rules exist for all open portsCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.15 Ensure file deletion events by users are collected - auditctl b64 unlinkCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.15 Ensure file deletion events by users are collected - b64 unlinkCIS Distribution Independent Linux Server L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.15 Ensure file deletion events by users are collected - b64 unlinkCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.3 Ensure permissions on all logfiles are configuredCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.6 Ensure ModSecurity Is Installed and EnabledCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

9.5 Configure 'Make proxy settings per-machine (rather than per-user)'CIS IE 10 v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Allow unicast response - Private ProfileMSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local connection security rulesMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local connection security rulesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local connection security rulesMSCT Windows 11 v24H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v24H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v24H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows Server 2025 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows Server v2004 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows Server 2019 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows Server v20H2 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION