Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2 Ensure the container host has been HardenedCIS Docker Community Edition v1.1.0 L1 Linux Host OSUnix

CONFIGURATION MANAGEMENT

1.2 Harden the container hostCIS Docker 1.13.0 v1.0.0 L1 LinuxUnix

CONFIGURATION MANAGEMENT

1.2.1 Ensure the container host has been HardenedCIS Docker v1.7.0 L1 Docker - LinuxUnix

CONFIGURATION MANAGEMENT

2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC'CIS Oracle Server 12c Linux v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC'CIS Oracle Server 12c Windows v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2008 R2 DB Engine L1 v1.7.0MS_SQLDB

ACCESS CONTROL

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS Microsoft SQL Server 2019 v1.5.0 L1 Database EngineMS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2012 Database L1 AWS RDS v1.6.0MS_SQLDB

ACCESS CONTROL

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2014 Database L1 AWS RDS v1.5.0MS_SQLDB

ACCESS CONTROL

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2012 Database L1 DB v1.6.0MS_SQLDB

ACCESS CONTROL

3.9 Ensure Windows BUILTIN groups are not SQL LoginsCIS SQL Server 2014 Database L1 DB v1.5.0MS_SQLDB

ACCESS CONTROL

5.2.2.3 (L1) Enable Conditional Access policies to block legacy authenticationCIS Microsoft 365 Foundations v4.0.0 L1 E3microsoft_azure

CONFIGURATION MANAGEMENT

5.2.2.3 (L1) Enable Conditional Access policies to block legacy authenticationCIS Microsoft 365 Foundations v4.0.0 L1 E5microsoft_azure

CONFIGURATION MANAGEMENT

5.10.5 Enable Security PostureCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT

5.11 (L1) Host must isolate management communicationsCIS VMware ESXi 8.0 v1.1.0 L1VMware

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

6.1 Perform regular security audits of your host system and containersCIS Docker 1.12.0 v1.0.0 L1 DockerUnix
6.1 Perform regular security audits of your host system and containersCIS Docker 1.6 v1.0.0 L1 DockerUnix
6.1 Perform regular security audits of your host system and containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix
6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modulesCIS VMware ESXi 8.0 v1.1.0 L1 Bare MetalUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessionsCIS VMware ESXi 8.0 v1.1.0 L1 Bare MetalUnix

CONFIGURATION MANAGEMENT, MAINTENANCE

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2022 Database L1 AWS RDS v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2017 Database L1 DB v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2022 Database L1 DB v1.1.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

12.20 Monitor for development on production databases - 'Prevent development on production databases'CIS v1.1.0 Oracle 11g OS Windows Level 1Windows
12.20 Monitor for development on production databases - 'Prevent development on production databases'CIS v1.1.0 Oracle 11g OS L1Unix
12.22 Developer access to production databases - 'Disallow'CIS v1.1.0 Oracle 11g OS Windows Level 1Windows
12.22 Developer access to production databases - 'Disallow'CIS v1.1.0 Oracle 11g OS L1Unix
ACLs: Filter for RFC 3330 addresses (192.0.2.0/24)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (240.0.0.0/4)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Authentication: local authentication is available as a last resortTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

IDENTIFICATION AND AUTHENTICATION

BGP: Disable Capability NegotiationTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
EX13-EG-000005 - Exchange must limit the Receive connector timeout.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

ACCESS CONTROL

EX13-EG-000260 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000010 - Exchange must limit the Receive connector timeout.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

ACCESS CONTROL

EX16-ED-000010 - Exchange must limit the Receive connector timeout.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

ACCESS CONTROL

EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND INFORMATION INTEGRITY

EX19-ED-000139 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND INFORMATION INTEGRITY

Password Complexity: Require a minimum length of 8 charactersTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

IDENTIFICATION AND AUTHENTICATION

SNMP: Use SNMPv3 onlyTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

IDENTIFICATION AND AUTHENTICATION

Time: System has a primary NTP server setTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

AUDIT AND ACCOUNTABILITY

TiMOS/SR-OS : OS Version is up to dateTNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

CONFIGURATION MANAGEMENT

vCenter: vcenter-8.administration-sso-password-lifetimeVMware vSphere Security Configuration and Hardening GuideVMware

IDENTIFICATION AND AUTHENTICATION

vCenter: vcenter-8.vami-administration-password-expirationVMware vSphere Security Configuration and Hardening GuideVMware

CONFIGURATION MANAGEMENT