Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.6 Support Web Access Security - a) ciphersuiteTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Support Web Access Security - b) ssl-context fieldTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Support Web Access Security - c) versionTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - a) VersionTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - b) ciphersuiteTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - c) pki-profileTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - d) renegotiateTenable ZTE ROSNGZTE_ROSNG

CONFIGURATION MANAGEMENT

2.4 Configure TCP Wrappers - Allow localhost.CIS Solaris 10 L1 v5.2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Configure TCP Wrappers - Deny access to this server from all networksCIS Solaris 10 L1 v5.2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Configure TCP Wrappers - enable tcp_wrappers for inetdCIS Solaris 10 L1 v5.2Unix
2.4 Configure TCP Wrappers - enable tcp_wrappers for rpc/bind. Note: This check is recommended by CIS, but not required.CIS Solaris 10 L1 v5.2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Configure TCP Wrappers - Make sure that /etc/hosts.allow does exist.CIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist.CIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set.CIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

3.3 Enable Stack Protection - Makes sure 'noexec_user_stack' is set to 1 in /etc/system. Note: Only applicable if NX bit is set.CIS Solaris 10 L1 v5.2Unix

SYSTEM AND INFORMATION INTEGRITY

4.1 Create CIS Audit ClassCIS Solaris 11.2 L1 v1.1.0Unix

ACCESS CONTROL

4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK.CIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

4.3 Enable Debug Level Daemon Logging/4.4 Capture syslog AUTH Messages - Check if svc:/system/system-log is onlineCIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

4.9 Enable Kernel Level Auditing - Check audit condition is set to auditingCIS Solaris 10 L1 v5.2Unix

AUDIT AND ACCOUNTABILITY

5.2 Ensure External File System Access is disabled - enable cisCIS Sybase 15.0 L1 DB v1.1.0SybaseDB
5.2 Ensure External File System Access is disabled - enable file accessCIS Sybase 15.0 L1 DB v1.1.0SybaseDB
6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

7.2 Set Password Expiration Parameters on Active Accounts - Check MINWEEKS is set to 1CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Set Password Expiration Parameters on Active Accounts - Check WARNWEEKS is set to 4CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check DICTIONLIST is set to /usr/share/lib/dict/wordsCIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check MINUPPER is set to 1CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YESCIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.3 Set Strong Password Creation Policies - Check PASSLENGTH is set to 8CIS Solaris 10 L1 v5.2Unix

IDENTIFICATION AND AUTHENTICATION

7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

7.6 Set Default umask for Users, Check if 'UMASK' is set to 077.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

7.8 Set 'mesg n' as Default for All Users in /etc/.loginCIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

7.8 Set 'mesg n' as Default for All Users in /etc/profileCIS Solaris 10 L1 v5.2Unix

CONFIGURATION MANAGEMENT

8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

CIS_Microsoft_SQL_Server_2008_R2_v1.7.0_Level_1_OS.audit from CIS Microsoft SQL Server 2008 R2 DatabaseCIS SQL Server 2008 R2 DB OS L1 v1.7.0Windows
DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates.DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001880 - The Docker Enterprise self-signed certificates in Docker Trusted Registry (DTR) must be replaced with DoD trusted, signed certificates.DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-001920 - Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2Unix

CONFIGURATION MANAGEMENT