Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of udf filesystems is disabledCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.2 Ensure XD/NX support is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SYSTEM AND INFORMATION INTEGRITY

2.1.1.2 Ensure chrony is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

3.2.3 Ensure secure ICMP redirects are not acceptedCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.4 Ensure IPv6 firewall rules exist for all open portsCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Secure the Database Container DirectoryCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.1.1.1 Ensure correct container image is set for stackdriver logging agentCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.4 Restrict Access to SYSCAT.COLDISTCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.8 Restrict Access to SYSCAT.CONTEXTSCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.11 Restrict Access to SYSCAT.DBAUTHCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.15 Restrict Access to SYSCAT.INDEXAUTHCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.19 Restrict Access to SYSCAT.PASSTHRUAUTHCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.23 Restrict Access to SYSCAT.ROUTINESCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.30 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONSCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.32 Restrict Access to SYSCAT.SCHEMAAUTHCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.33 Restrict Access to SYSCAT.SCHEMATACIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.37 Restrict Access to SYSCAT.SURROGATEAUTHIDSCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.2.43 Restrict Access to SYSCAT.WORKLOADAUTHCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

4.3.13 Restrict Access to SYSIBM.SYSEVENTTABLESCIS IBM DB2 11 v1.2.0 Database Level 1IBM_DB2DB

ACCESS CONTROL, MEDIA PROTECTION

5.1.3 Ensure permissions on SSH public host key files are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.8 Ensure SSH IgnoreRhosts is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.11 Ensure SSH PermitEmptyPasswords is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.1.19 Ensure SSH PAM is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.21 Ensure SSH MaxStartups is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

5.3.1.1 Ensure password expiration is 365 days or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.1.5 Ensure all users last password change date is in the pastCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.5 Ensure default user shell timeout is 900 seconds or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL

5.5 Ensure access to the su command is restrictedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.1 Ensure permissions on /etc/passwd are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.7 Ensure permissions on /etc/group- are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.3 Ensure no legacy "+" entries exist in /etc/shadowCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL

6.2.9 Ensure users own their home directoriesCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.17 Ensure no duplicate GIDs existCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

6.2.19 Ensure no duplicate group names existCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

6.2.20 Ensure shadow group is emptyCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Windows Server 2012 R2 DC L1 v3.0.0Windows

ACCESS CONTROL

18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL

18.6.11.4 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows Server 2022 v5.0.0 L1 DCWindows

ACCESS CONTROL

18.8.22.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.8.22.1.13 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NGWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v5.0.1 L2Windows

CONFIGURATION MANAGEMENT

18.9.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.65.3.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

ACCESS CONTROL

18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.103.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT