Item Search

NameAudit NamePluginCategory
1.1.15 - AirWatch - Enable 'Encrypt phone'AirWatch - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

1.1.15 - MobileIron - Enable 'Encrypt phone'MobileIron - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

1.2.4.2.1.1 Set 'Configure use of hardware-based encryption for fixed data drives' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.1.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.1.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.1 Set 'Configure use of hardware-based encryption for operating system drives' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

1.2.4.2.2.29 Configure 'Allow network unlock at startup'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.1 Set 'Configure use of hardware-based encryption for removable data drives' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.13 Set 'Save BitLocker recovery information to AD DS for removable data drives' to 'False'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.3.19 Configure 'Control use of BitLocker on removable drives'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.5 Set 'Select the encryption method:' to 'Enabled:AES 256-bit'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4.2.8 Configure 'Provide the unique identifiers for your organization'CIS Windows 8 L1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.9 - AirWatch - Enable 'Require encryption on the device'AirWatch - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

2.1.9 - MobileIron - Enable 'Require encryption on the device'MobileIron - CIS Google Android 4 v1.0.0 L1MDM

ACCESS CONTROL

2.5 Ensure 'cookie protection mode' is configured for forms authentication - ApplicationsCIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure 'cookie protection mode' is configured for forms authentication - DefaultCIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1.1 Enable FileVaultCIS Apple macOS 10.13 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1.1 Enable FileVaultCIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

18.8.34.6.2 (BL) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL

18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.13 Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.16 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

CONFIGURATION MANAGEMENT

18.9.11.2.16 (BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

CONFIGURATION MANAGEMENT

18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Disable new DMA devices when this computer is lockedMSCT Windows 10 1809 v1.0.0Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 1803 v1.0.0Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 1909 v1.0.0Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 v21H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 v2004 v1.0.0Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 1903 v1.19.9Windows

CONFIGURATION MANAGEMENT

Disable new DMA devices when this computer is lockedMSCT Windows 10 v20H2 v1.0.0Windows

CONFIGURATION MANAGEMENT