Item Search

NameAudit NamePluginCategory
1.2 Ensure 'Host headers' are on all sitesCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

2.4 Ensure 'forms authentication' is set to use cookies - ApplicationCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

2.4 Ensure 'forms authentication' is set to use cookies - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

2.6 Ensure aufs storage driver is not usedCIS Docker v1.6.0 L1 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.9 Enable user namespace support - /etc/subgidCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.9 Enable user namespace support - /etc/subuidCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.9 Enable user namespace support - SecurityOptionsCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.9 Ensure MariaDB is Bound to an IP AddressCIS MariaDB 10.6 Database L2 v1.1.0MySQLDB

PLANNING, SYSTEM AND SERVICES ACQUISITION

2.10 Ensure the default cgroup usage has been confirmed - daemon.jsonCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.10 Ensure the default cgroup usage has been confirmed - dockerdCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriateCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND SERVICES ACQUISITION

3.1 Ensure 'deployment method retail' is setCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

3.2 Ensure 'debug' is turned off - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.2 Ensure 'debug' is turned off - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.3 Ensure custom error messages are not off - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.3 Ensure custom error messages are not off - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - DefaultCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

3.5 Ensure ASP.NET stack tracing is not enabled - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.5 Ensure ASP.NET stack tracing is not enabled - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.6 Ensure 'httpcookie' mode is configured for session state - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.6 Ensure 'httpcookie' mode is configured for session state - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.7 Ensure 'cookies' are set with HttpOnly attribute - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

3.7 Ensure 'cookies' are set with HttpOnly attribute - DefaultCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.1 Ensure 'maxAllowedContentLength' is configured - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.1 Ensure 'maxAllowedContentLength' is configured - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure 'maxURL request filter' is configured - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure 'maxURL request filter' is configured - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure Example or Test Databases are Not Installed on Production ServersCIS MySQL 5.6 Community Database L1 v2.0.0MySQLDB

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.2 Ensure Example or Test Databases are Not Installed on Production ServersCIS MySQL 5.6 Enterprise Database L1 v2.0.0MySQLDB

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnfCIS MySQL 5.6 Community Windows OS L2 v2.0.0Windows

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.initCIS MySQL 5.7 Community Windows OS L2 v2.0.0Windows

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %WINDIR%\my.cnfCIS MySQL 5.7 Community Windows OS L2 v2.0.0Windows

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %WINDIR%\my.iniCIS MySQL 5.6 Community Windows OS L2 v2.0.0Windows

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - C:\my.iniCIS MySQL 5.6 Community Windows OS L2 v2.0.0Windows

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - mysqld start-upCIS MySQL 5.7 Community Linux OS L2 v2.0.0Unix

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - SYSCONFDIR/my.cnfCIS MySQL 5.7 Community Linux OS L2 v2.0.0Unix

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'MaxQueryString request filter' is configured - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'MaxQueryString request filter' is configured - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.4 Ensure non-ASCII characters in URLs are not allowed - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.4 Ensure non-ASCII characters in URLs are not allowed - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

4.6 Ensure 'HTTP Trace Method' is disabled - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.6 Ensure 'HTTP Trace Method' is disabled - DefaultCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.7 Ensure Unlisted File Extensions are not allowed - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.7 Ensure Unlisted File Extensions are not allowed - DefaultCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES'CIS MariaDB 10.6 on Linux L2 v1.1.0Unix

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.9 Ensure 'notListedIsapisAllowed' is set to falseCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.10 Ensure 'notListedCgisAllowed' is set to falseCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

5.2 Ensure PostgreSQL is Bound to an IP AddressCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

PLANNING, SYSTEM AND SERVICES ACQUISITION

6.3 Ensure 'Postmaster' Runtime Parameters are ConfiguredCIS PostgreSQL 10 DB v1.0.0PostgreSQLDB

SYSTEM AND SERVICES ACQUISITION