Item Search

NameAudit NamePluginCategory
1.5.3 Ensure address space layout randomization (ASLR) is enabledCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure address space layout randomization (ASLR) is enabledCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure address space layout randomization (ASLR) is enabledCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SYSTEM AND INFORMATION INTEGRITY

18.4.6 (L1) Ensure 'LSA Protection' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.4.6 (L1) Ensure 'LSA Protection' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.5.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

SYSTEM AND INFORMATION INTEGRITY

18.5.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.8.5.6 Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only) - DisabledCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 DC NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.8.40.1 Ensure 'Configure validation of ROCA-vulnerable WHfB keys during authentication' is set to 'Enabled: Audit' or higher (DC only)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.3 (NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2016 v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2019 STIG v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only)CIS Microsoft Windows Server 2016 v3.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.7 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.26.1 (L1) Ensure 'Allow Custom SSPs and APs to be loaded into LSASS' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.47.5.1.2 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured - 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2cCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.47.5.1.2 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured - 26190899-1602-49e8-8b27-eb1d0a1ce869CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.47.5.1.2 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured - d3e037e1-3eb8-44c8-a917-57927947596dCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.47.5.1.2 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured - d4f940ab-401b-4efc-aadc-ad5f3c50688aCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.29.3 (L1) Ensure 'Do not apply the Mark of the Web tag to files copied from insecure sources' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.42.6.1.1 Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configuredCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.1 (L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.1 (L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.1 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.76.2.1 (L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.92.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.92.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.92.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.92.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY