Item Search

NameAudit NamePluginCategory
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.3 Dedicated Name Server RoleCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0CIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.8 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.8 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - Multicast addressesCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addressesCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.4 Restrict Queries of the Cache - Caching OnlyCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Connection TimeoutCIS Microsoft SharePoint 2019 OS v1.0.0Windows

ACCESS CONTROL

3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max ConnectionsCIS Microsoft SharePoint 2019 OS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnectionsCIS Microsoft SharePoint 2016 OS v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Securely Authenticate Update ForwardingCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.13 Ensure incoming container traffic is binded to a specific host interfaceCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.31 Ensure the Docker socket is not mounted inside any containersCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

6.1 Hide BIND Version StringCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Hide BIND Version StringCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.4 L1 Windows Audit v1.0.0Windows

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.2 L1 Windows Audit v1.0.0Windows

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.4 L1 Unix Audit v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2 Ensure that MongoDB uses a non-default portCIS MongoDB 3.2 L1 Unix Audit v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2 Hide Nameserver IDCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Enable DNSSEC Validation - dnssec-enableCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Enable DNSSEC Validation - dnssec-validationCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure swarm services are binded to a specific host interfaceCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

9.2 Ensure KeepAlive Is EnabledCIS Apache HTTP Server 2.2 L1 v3.6.0Unix

ACCESS CONTROL

18.4.4 Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'CIS Windows 7 Workstation Level 2 v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

18.4.4 Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows Server 1903 DC v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows Server v1909 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows Server v1909 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing)MSCT Windows Server 2012 R2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing)MSCT Windows Server 2016 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows Server 1903 DC v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows Server v1909 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows Server 2016 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 10 1903 v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 10 1803 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serversMSCT Windows Server 1903 DC v1.19.9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serversMSCT Windows Server v1909 MS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serversMSCT Windows Server 2016 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serversMSCT Windows 10 1909 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serversMSCT Windows 10 1809 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION