Item Search

Name	Audit Name	Plugin	Category
1.2 Ensure intra-zone traffic is not always allowed	CIS FortiGate 7.4.x v1.0.1 L1	FortiGate	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4 Ensure Hit count is Enable for the rules	CIS Check Point Firewall L2 v1.1.0	CheckPoint	SECURITY ASSESSMENT AND AUTHORIZATION
3.4.1.1 Ensure nftables is installed	CIS Amazon Linux 2023 v1.0.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2.2 Ensure at least one nftables table exists	CIS Amazon Linux 2023 v1.0.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2.3 Ensure IPv6 outbound and established connections are configured	CIS Bottlerocket L2	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2.4 Ensure host based firewall loopback traffic is configured	CIS Amazon Linux 2023 v1.0.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2.6 Ensure nftables established connections are configured	CIS Amazon Linux 2023 v1.0.0 L2 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.7 Ensure firewalld drops unnecessary services and ports	CIS Amazon Linux 2 STIG v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.7 Ensure firewalld drops unnecessary services and ports	CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2.5 Ensure an nftables table exists	CIS Amazon Linux 2 STIG v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.1.1 Ensure iptables packages are installed	CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.2.1 Ensure iptables loopback traffic is configured	CIS Amazon Linux 2 STIG v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.3.1 Ensure ip6tables loopback traffic is configured	CIS Amazon Linux 2 STIG v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.3.2 Ensure ip6tables outbound and established connections are configured	CIS Amazon Linux 2 STIG v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.3.6 Ensure ip6tables is enabled and running	CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.1 Ensure firewalld is installed	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.2 Ensure a single firewall configuration utility is in use	CIS AlmaLinux OS 9 v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.3 Ensure firewalld.service is configured	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.4 Ensure firewalld active zone target is configured	CIS Rocky Linux 10 v1.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.5 Ensure firewalld loopback traffic is configured	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.5 Ensure firewalld loopback traffic is configured	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.5 Ensure firewalld loopback traffic is configured	CIS Rocky Linux 10 v1.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.5 Ensure firewalld loopback traffic is configured	CIS Rocky Linux 8 v3.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.5 Ensure firewalld loopback traffic is configured	CIS Oracle Linux 10 v1.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.6 Ensure firewalld loopback source address traffic is configured	CIS Rocky Linux 10 v1.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.6 Ensure firewalld loopback source address traffic is configured	CIS Rocky Linux 8 v3.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.7 Ensure firewalld services and ports are configured	CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.1.7 Ensure firewalld services and ports are configured	CIS Rocky Linux 10 v1.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.2.2 Ensure firewalld loopback traffic is configured	CIS AlmaLinux OS 9 v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.2.7 Ensure that the --make-iptables-util-chains argument is set to true	CIS Red Hat OpenShift Container Platform v1.9.0 L1	OpenShift	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.3.1 Ensure that all Namespaces have Network Policies defined	CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2	GCP	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.3.2 Ensure nftables established connections are configured	CIS AlmaLinux OS 9 v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.3.2 Ensure that all Namespaces have Network Policies defined	CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP	GCP	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
4.3.3 Ensure nftables default deny firewall policy	CIS AlmaLinux OS 9 v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.6.2 Ensure use of VPC-native clusters	CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP	GCP	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.21 Ensure that the host's UTS namespace is not shared	CIS Docker v1.8.0 L1 OS Linux	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.6 Ensure routing tables for VPC peering are "least access"	CIS Amazon Web Services Foundations v7.0.0 L2	amazon_aws	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.14 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the Internet	CIS Palo Alto Firewall 10 v1.3.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.14 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the Internet	CIS Palo Alto Firewall 11 v1.2.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions	CIS Palo Alto Firewall 11 v1.2.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions	CIS Palo Alto Firewall 10 v1.3.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packets	CIS Palo Alto Firewall 11 v1.2.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packets	CIS Palo Alto Firewall 10 v1.3.0 L1	Palo_Alto	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.1 Ensure that RDP access from the Internet is evaluated and restricted	CIS Microsoft Azure Foundations v5.0.0 L1	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure that SSH access from the Internet is evaluated and restricted	CIS Microsoft Azure Foundations v5.0.0 L1	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.3 Ensure that UDP access from the Internet is evaluated and restricted	CIS Microsoft Azure Foundations v5.0.0 L1	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.4 Ensure that HTTP(S) access from the Internet is evaluated and restricted	CIS Microsoft Azure Foundations v5.0.0 L1	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.9 Ensure that management plane traffic is separated from data plane traffic	CIS Docker v1.8.0 L1 Docker Swarm	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.11 Ensure subnets are associated with network security groups	CIS Microsoft Azure Foundations v5.0.0 L1	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.16 Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources	CIS Microsoft Azure Foundations v5.0.0 L2	microsoft_azure	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

Item Search