2.1.1.1.5 Set maximum value for 'ip ssh authentication-retries' | CIS Cisco IOS 17 L1 v2.0.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.1.1.1.5 Set maximum value for 'ip ssh authentication-retries' | CIS Cisco IOS 16 L1 v2.0.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscacert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlskey | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.32 Ensure 'Allow remote debugging' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2 Ensure 'Allow unmanaged devices' is set to 'False' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.9 Ensure 'Require encryption on device' is set to 'True' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
5.117 - Users must be prevented from connecting using Terminal Services. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
Big Sur - Control remote access methods | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
Catalina - Control remote access methods | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
FNFG-FW-000015 - The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points. | DISA Fortigate Firewall STIG v1r3 | FortiGate | ACCESS CONTROL |
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
Monterey - Control remote access methods | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
OL08-00-010070 - All OL 8 remote access methods must be monitored. | DISA Oracle Linux 8 STIG v1r8 | Unix | ACCESS CONTROL |
PHTN-30-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv'. | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | ACCESS CONTROL |
PHTN-30-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | ACCESS CONTROL |
PHTN-30-000008 - The Photon operating system must have the sshd LogLevel set to 'INFO' | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | ACCESS CONTROL |
PHTN-67-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
PHTN-67-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | ACCESS CONTROL |
RHEL-08-040100 - A firewall must be installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | ACCESS CONTROL |
SLES-15-010150 - The SUSE operating system must log SSH connection attempts and failures to the server. | DISA SLES 15 STIG v1r12 | Unix | ACCESS CONTROL |
SYMP-AG-000010 - If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
SYMP-AG-000020 - Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
UBTU-20-010403 - The Ubuntu operating system must monitor remote access methods. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | ACCESS CONTROL |
UBTU-20-010433 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | ACCESS CONTROL |
VCRP-67-000005 - The rhttpproxy must produce log records containing sufficient information to establish the source of events. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - privateKey | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - vecsServerName | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
VCRP-70-000006 - Envoy must exclusively use the HTTPS protocol for client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
WN11-AU-000065 - The system must be configured to audit Logon/Logoff - Logoff successes. | DISA Windows 11 STIG v1r5 | Windows | ACCESS CONTROL |