CSCv6|8

Title

Malware Defenses

Description

Malware Defenses

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Malware Defenses

Family: System

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.6.8 Set 'Interactive logon: Do not require CTRL+ALT+DEL' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical'	Windows	CIS Windows 8 L1 v1.0.0
1.18 Ensure 'Scan device for security threats' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.18 Ensure 'Scan device for security threats' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.19 Ensure 'Improve harmful app detection' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.19 Ensure 'Improve harmful app detection' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
2.1 Ensure 'Block File Types' is configured to match the enterprise blacklist	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
2.1 Ensure 'Blocked File Types' is configured to match the enterprise blacklist	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v2004 MS v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 1903 MS v1.19.9
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 1903 DC v1.19.9
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 2016 MS v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v1909 MS v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v20H2 MS v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 2019 MS v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 2019 DC v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server 2016 DC v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 1909 v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 1809 v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 v2004 v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 v21H2 v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v2004 DC v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v1909 DC v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows Server v20H2 DC v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 1903 v1.19.9
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 v1507 v1.0.0
Boot-Start Driver Initialization Policy	Windows	MSCT Windows 10 v20H2 v1.0.0
Boot-Start Driver Initialization Policy - DriverLoadPolicy	Windows	MSCT Windows 10 1803 v1.0.0
Ensure noexec option set on removable media partitions	Unix	Tenable Cisco Firepower Management Center OS Best Practices Audit
Interactive logon: Do not require CTRL+ALT+DEL	Windows	MSCT Windows Server 2012 R2 DC v1.0.0

Detections

Analytics

CSCv6|8

Title

Description

Reference Item Details

Audit Items