Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2 Install TCP Wrappers - Allow localhost. Note: Replace 172.16.100.0/255.255.255.0 with a network block in use at your organization.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 - TCP/IP Tuning - 'ipforwarding = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 - TCP/IP Tuning - 'ipsendredirects = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 - TCP/IP Tuning - 'ip6srcrouteforward = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.8 - TCP/IP Tuning - 'directed_broadcast = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.9 - TCP/IP Tuning - 'tcp_pmtu_discover = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.18 - TCP/IP Tuning - 'tcp_sendspace >= 262144'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.20 - TCP/IP Tuning - 'tcp_mssdflt <= 1448'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.base is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.man.en_US is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.3 - TCP Wrappers - creating a hosts.allow file - configuration - 'hosts.allow has been configured'CIS AIX 5.3/6.1 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown portCIS Apache Tomcat 10 L2 v1.1.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown portCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown portCIS Apache Tomcat 9 L2 v1.2.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown portCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Restrict Access to Cache 'trusted, local IP network'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.2 Ensure iptables-services not installed with firewalldCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.2 Ensure firewalld is either not installed or masked with nftablesCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.1.2 Ensure nftables is not installed with iptablesCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.2 Ensure firewalld is either not installed or masked with nftables - maskedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.3 Ensure iptables-services not installed with nftablesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.2 Ensure nftables is not installed with iptablesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.1.3 Ensure firewalld is either not installed or masked with iptables - maskedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_forward_src_routed' is set to 0 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.6.2 Ensure use of VPC-native clustersCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.21 Ensure that the host's UTS namespace is not sharedCIS Docker v1.7.0 L1 Docker - LinuxUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.14 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the InternetCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure that management plane traffic is separated from data plane trafficCIS Docker v1.7.0 L1 Docker SwarmUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.8 Configure 'Disable changing Automatic Configuration settings'CIS IE 10 v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Allow unicast response - Public ProfileMSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Apply local firewall rulesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

CIS Control 12 (12.4(a)) Deny Communications Over Unauthorized PortsCAS Implementation Group 1 Audit FileUnix

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'CIM Server allowed'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'DNS Client allowed'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'FTP Client blocked'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'SSH Server allowed'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'vCenter Update Manager blocked'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

ESXi : config-firewall-access - 'vMotion allowed'VMWare vSphere 5.X Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows 11 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

The hosts.allow file limits access to the local networkTNS Citrix HypervisorUnix

SYSTEM AND COMMUNICATIONS PROTECTION

XenServer - The hosts.deny file blocks access by defaultTNS Citrix XenServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION