Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
Item Search
Audits
Item Search
Filters (1)
Description
Filename
Plugin
References
Control ID
Relevance
Description
Plugin
Filename
References (Active)
Search by References
Clear All
‹‹ Previous
Previous
Page 2 of 441
• 22018 Total
Next
Next ››
Name
Audit Name
Plugin
Category
DG0003-ORACLE11 - The latest security patches should be installed.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0013-ORACLE11 - Database backup procedures should be defined, documented and implemented.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0021-ORACLE11 - A baseline of database application software should be documented and maintained.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed'
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0090-ORACLE11 - Sensitive information stored in the database should be protected by encryption.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0095-ORACLE11 - Audit trail data should be reviewed daily or more frequently.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0101-ORACLE11 - OS accounts used to execute external procedures should be assigned minimum privileges.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0118-ORACLE11 - The IAM should review changes to DBA role assignments.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0140-ORACLE11 - Access to DBMS security data should be audited.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0140-ORACLE11 - Access to DBMS security data should be audited.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0157-ORACLE11 - Remote DBMS administration should be documented and authorized or disabled.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0157-ORACLE11 - Remote DBMS administration should be documented and authorized or disabled.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0158-ORACLE11 - DBMS remote administration should be audited.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DG0158-ORACLE11 - DBMS remote administration should be audited.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0159-ORACLE11 - Remote administrative access to the database should be monitored by the IAO or IAM.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0161-ORACLE11 - An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0176-ORACLE11 - The DBMS audit logs should be included in backup operations.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0186-ORACLE11 - The database should not be directly accessible from public or unauthorized networks.
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
DG0198-ORACLE11 - Remote administration of the DBMS should be restricted to known, dedicated and encrypted network addresses and ports.
DISA STIG Oracle 11 Installation v9r1 Windows
Windows
DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_LEVEL_SERVER'
DISA STIG Oracle 11 Installation v9r1 Linux
Unix
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA00565 A22 - HTTP request methods must be limited - LimitExcept
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WA00565 A22 - HTTP request methods must be limited - Order
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG050 W22 - The web server service password(s) must be entrusted to the SA or Web Manager.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG145 A22 - The private web server must use an approved DoD certificate validation process.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG204 A22 - A web server must be segregated from other services.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
WG204 A22 - A web server must be segregated from other services.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG204 W22 - A web server installation must be segregated from other services.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG260 IIS6 - Only fully reviewed and tested web sites must exist on a production web server.
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG275 W22 - The web server, although started by superuser or privileged account, must run using a non-privileged account.
DISA STIG Apache Server 2.2 Windows v1r13
Windows
WG350 W22 - A private web server must have a valid DoD server certificate.
DISA STIG Apache Site 2.2 Windows v1r13
Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.
DISA STIG Apache Server 2.2 Unix v1r11
Unix
WG355 IIS6 - A private web site must utilize certificates from a trusted DoD CA.
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'Execute Permissions set 'Script only'
DISA STIG IIS 6.0 Site Checklist v6r16
Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.
DISA STIG Apache Site 2.2 Unix v1r11
Unix
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.
DISA STIG Apache Server 2.2 Unix v1r11 Middleware
Unix
‹‹ Previous
Previous
Page 2 of 441
• 22018 Total
Next
Next ››