Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
Item Search
Audits
Item Search
Filters (1)
Description
Filename
Plugin
References
Control ID
Relevance
Description
Plugin
Filename
References (Active)
Search by References
Clear All
‹‹ Previous
Previous
Page 1 of 441
• 22018 Total
Next
Next ››
Name
Audit Name
Plugin
Category
DG0003-ORACLE11 - The latest security patches should be installed.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0013-ORACLE11 - Database backup procedures should be defined, documented and implemented.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0021-ORACLE11 - A baseline of database application software should be documented and maintained.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0031-ORACLE11 - Transaction logs should be periodically reviewed for unauthorized modification of data.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0041-ORACLE11 - Use of the DBMS installation account should be logged.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0052-ORACLE11 - All applications that access the database should be logged in the audit trail.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0053-ORACLE11 - A single database connection configuration file should not be used to configure all database clients.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0068-ORACLE11 - DBMS tools or applications that echo or require a password entry in clear text should be protected from password display.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0074-ORACLE11 - Unapproved inactive or expired database accounts should not be found on the database.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0078-ORACLE11 - Each database user, application or process should have an individually assigned account.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0080-ORACLE11 - Application user privilege assignment should be reviewed monthly or more frequently to ensure compliance with least privilege and documented policy.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0105-ORACLE11 - DBMS application user roles should not be assigned unauthorized privileges.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0124-ORACLE11 - Use of DBA accounts should be restricted to administrative activities.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0165-ORACLE11 - DBMS symmetric keys should be protected in accordance with NSA or NIST-approved key management technology or processes.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DG0175-ORACLE11 - The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0190-ORACLE11 - Credentials stored and used by the DBMS to access remote databases or applications should be authorized and restricted to authorized users.
DISA STIG Oracle 11 Instance v9r1 Database
OracleDB
DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_LEVEL_SERVER'
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA060 W22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA070 A22 - A private web server must be located on a separate controlled access subnet.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WA070 A22 - A private web server must be located on a separate controlled access subnet.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA070 W22 - A private web server must be located on a separate controlled access subnet.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WA00530 A22 - The process ID (PID) file must be properly secured - permissions
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA00535 A22 - The score board file must be properly secured.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG040 W22 - Public web server resources must not be shared with private assets.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG060 W22 - The service account used to run the web service must have its password changed at least annually.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG080 W22 - Installation of a compiler on production web server must be prohibited.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG145 A22 - The private web server must use an approved DoD certificate validation process.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC/WEBSITES CertCheckMode'
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG240 IIS6 - Logs of web server access and errors must be established and maintained.
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG260 A22 - Only web sites that have been fully reviewed and tested must exist on a production web server.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG260 W22 - Only web sites that have been fully reviewed and tested must exist on a production web server.
DISA STIG Apache Site 2.2 Windows v1r13
Windows
WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.conf
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG330 A22 - A public web server must limit email to outbound only - sendmail
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG350 A22 - A private web server will have a valid DoD server certificate.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG350 IIS6 - A private web server must have a valid server certificate.
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited.
DISA STIG Apache Site 2.2 Windows v1r13
Windows
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG460 W22 - PERL scripts must use the TAINT option.
DISA STIG Apache Site 2.2 Windows v1r13
Windows
‹‹ Previous
Previous
Page 1 of 441
• 22018 Total
Next
Next ››