Theme

CSCv6|8

Title

Malware Defenses

Description

Malware Defenses

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Malware Defenses

Family: System

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.6.8 Set 'Interactive logon: Do not require CTRL+ALT+DEL' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.19 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
1.1.20 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.1.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v1.1.0
1.1.21 Ensure noexec option set on removable media partitions	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical'	Windows	CIS Windows 8 L1 v1.0.0
1.18 Ensure 'Scan device for security threats' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.18 Ensure 'Scan device for security threats' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.19 Ensure 'Improve harmful app detection' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.19 Ensure 'Improve harmful app detection' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
2.1 Ensure 'Block File Types' is configured to match the enterprise blacklist	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
2.1 Ensure 'Blocked File Types' is configured to match the enterprise blacklist	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
2.3.7.1 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
2.3.7.1 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
2.3.7.1 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
2.3.7.1 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.4.9 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker