Item Search

Name	Audit Name	Plugin	Category
2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.6 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.23 (L1) Ensure 'Deny log on as a service' to include 'Guests'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.2.34 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.35 (L1) Ensure 'Lock pages in memory' is set to 'No One'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.41 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.46 (L1) Ensure 'Shut down the system' is set to 'Administrators'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.1.3 (L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.3.7.4 (L1) Configure 'Interactive logon: Message title for users attempting to log on'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.3.10.12 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL, MEDIA PROTECTION
2.3.10.13 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.3.11.2 (L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.3 (L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.6 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.2.6 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.5 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.7 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.4.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.5.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.5.20.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.4 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.14 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.53.1.2 (L2) Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.103.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search