CSCv7|16.5

Title

Encrypt Transmittal of Username and Authentication Credentials

Description

Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.5 (L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.5 Ensure 'Password must meet complexity requirements' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.2.3 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
1.2.4 Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' - 15 or more minute(s)	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
18.10.89.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.89.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.89.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0

Detections

Analytics

CSCv7|16.5

Title

Description

Reference Item Details

Audit Items