Item Search

NameAudit NamePluginCategory
1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

1.2.3.11 Set 'Select update server:' to 'Enabled:Search Managed Server'CIS Windows 8 L1 v1.0.0Windows

CONFIGURATION MANAGEMENT

8.4.29 Ensure all but VGA mode on virtual machines is disabledCIS VMware ESXi 6.5 v1.0.0 Level 2VMware

SYSTEM AND INFORMATION INTEGRITY

18.3.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.3.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.3.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.3.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.3.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.4.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.4.1 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT

18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

CONFIGURATION MANAGEMENT

18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2022 v4.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.4.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.4.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.4.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Windows Server 2012 MS L1 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

18.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

CONFIGURATION MANAGEMENT

18.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

ACCESS CONTROL

18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.6 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

AADC-CL-001300 - Adobe Acrobat Pro DC Classic third-party web connectors must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

AADC-CL-001305 - Adobe Acrobat Pro DC Classic Webmail must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled.DISA STIG Adobe Acrobat Pro DC Classic Track v2r1Windows

CONFIGURATION MANAGEMENT

Authentication with Exchange ServerMicrosoft 365 Apps for Enterprise 2306 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Authentication with Exchange ServerMSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Authentication with Exchange ServerMSCT Office 365 ProPlus 1908 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit'DISA STIG Oracle 11 Instance v9r1 DatabaseOracleDB
Do not allow drive redirectionMSCT Windows 11 v24H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Cscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows
WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Wscript.exe'DISA STIG Apache Server 2.2 Windows v1r13Windows
WN16-MS-000310 - Remote calls to the Security Account Manager (SAM) must be restricted to Administrators.DISA Microsoft Windows Server 2016 STIG v2r10Windows

ACCESS CONTROL

WN16-MS-000420 - The 'Enable computer and user accounts to be trusted for delegation' user right must not be assigned to any groups or accounts on member servers.DISA Microsoft Windows Server 2016 STIG v2r10Windows

ACCESS CONTROL

WN19-CC-000260 - Windows Server 2019 Windows Update must not obtain updates from other PCs on the Internet.DISA Microsoft Windows Server 2019 STIG v3r4Windows

CONFIGURATION MANAGEMENT

WN22-CC-000260 - Windows Server 2022 Windows Update must not obtain updates from other PCs on the internet.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT