Item Search

NameAudit NamePluginCategory
1.1.3 Ensure separate file system for /tmpCIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.13 Ensure separate partition exists for /homeCIS SUSE Linux Enterprise Server 11 L2 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.21 Ensure sticky bit is set on all world-writable directoriesCIS Debian 9 Workstation L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.21 Ensure sticky bit is set on all world-writable directoriesCIS Debian 9 Server L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.1 Ensure core dumps are restricted - limits.conf limits.dCIS Debian 9 Server L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure 'Default geolocation setting' is set to 'Enabled: Do not allow any site to track the users' physical location'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure 'Enable network prediction' is set to 'Enabled: Do not predict actions on any network connection'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.11 Ensure 'Enable or disable spell checking web service' is set to 'Disabled'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.13 Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.16 Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.3.13 Ensure file deletion events by users are collected - auditctl b32 unlinkCIS CentOS Linux 8 Server L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.3.13 Ensure file deletion events by users are collected - b64 unlinkCIS CentOS Linux 8 Server L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - 32-bitCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - 32-bitCIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - 64-bitCIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - 64-bitCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl (32-bit)CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit)CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit)CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit)CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl deleteCIS Debian Family Workstation L2 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl delete x64CIS Debian Family Server L2 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - auditctl delete x64CIS Debian Family Workstation L2 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - deleteCIS Debian Family Server L2 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure file deletion events by users are collected - delete x64CIS Debian Family Workstation L2 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - auditctl mountCIS Debian 9 Server L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - auditctl mountCIS Debian 9 Workstation L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - auditctl mount x64CIS Debian 9 Server L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - mountsCIS Debian 9 Workstation L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - mounts x64CIS Debian 9 Server L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.13 Ensure successful file system mounts are collected - mounts x64CIS Debian 9 Workstation L2 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4.1 Prefer using secrets as files over secrets as environment variablesCIS Google Kubernetes Engine (GKE) v1.5.0 L2GCP

SYSTEM AND COMMUNICATIONS PROTECTION

4.4.2 Consider external secret storageCIS Google Kubernetes Engine (GKE) v1.5.0 L2GCP

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure Content trust for Docker is EnabledCIS Docker v1.6.0 L2 Docker LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.9 Ensure 'Enable AutoFill for addresses' is set to 'Disabled'CIS Google Chrome L1 v2.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.10 Ensure secrets are not stored in DockerfilesCIS Docker v1.6.0 L1 Docker LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Service Account Tokens are only mounted where necessary - podsCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Service Account Tokens are only mounted where necessary - podsCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Service Account Tokens are only mounted where necessary - serviceaccountsCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Service Account Tokens are only mounted where necessary - serviceaccountsCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Service Account Tokens are only mounted where necessary - serviceaccountsCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1 Prefer using secrets as files over secrets as environment variablesCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1 Prefer using secrets as files over secrets as environment variablesCIS Kubernetes Benchmark v1.8.0 L2 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.2 Consider external secret storageCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.2 Consider external secret storageCIS Kubernetes Benchmark v1.8.0 L2 MasterUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrcCIS Debian 9 Workstation L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrcCIS Debian 9 Server L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.shCIS Debian 9 Server L1 v1.0.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Repairing permissions is no longer neededCIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION