2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.34 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.35 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscacert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlskey | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.32 Ensure 'Allow remote debugging' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2 Ensure 'Allow unmanaged devices' is set to 'False' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2.1.16 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
3.2.1.16 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
3.2.1.16 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
3.2.1.16 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.5.1.1 Ensure Uncomplicated Firewall is installed | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
3.5.1.1 Ensure Uncomplicated Firewall is installed | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | ACCESS CONTROL |
3.5.2.1 Ensure nftables is installed | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
3.5.2.1 Ensure nftables is installed | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | ACCESS CONTROL |
3.9 Ensure 'Require encryption on device' is set to 'True' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
4.10 (L1) Host must verify certificates for TLS remote logging endpoints | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
5.117 - Users must be prevented from connecting using Terminal Services. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
Big Sur - Control remote access methods | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
Catalina - Control remote access methods | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
Monterey - Control remote access methods | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
OH12-1X-000034 - OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000041 - OHS must have OraLogMode set to Oracle Diagnostic Logging text mode to generate log records for system startup and shutdown, system access, and system authentication logging. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000045 - OHS must have a log format defined to generate adequate logs by system startup and shutdown, system access, and system authentication events. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
OH12-1X-000050 - OHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000050 - OHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
OH12-1X-000052 - OHS must have a SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
OH12-1X-000053 - OHS must have a log file defined for each site/virtual host to capture sufficient information to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000054 - OHS must have a log format defined for log records generated to capture sufficient information to establish when an event occurred. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
OH12-1X-000060 - OHS must have a log format defined for log records that allow the establishment of the source of events. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000061 - OHS must have a SSL log format defined for log records that allow the establishment of the source of events. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000064 - OHS, behind a load balancer or proxy server, must have the SSL log format set correctly to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000066 - OHS must have a log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
OH12-1X-000071 - OHS must have a log file defined for each site/virtual host to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |