Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.6.12 - TCP/IP Tuning - 'udp_pmtu_discover = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.13 - TCP/IP Tuning - 'ipsrcrouterecv = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.14 - TCP/IP Tuning - 'nonlocsrcroute = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.16 - TCP/IP Tuning - 'sockthresh <= 60'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.19 - TCP/IP Tuning - 'tcp_recvspace >= 262144'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Allow Docker to make changes to iptablesCIS Docker 1.6 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.license is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.4 - TCP Wrappers - wrapping inetd services - 'all enabled inetd.conf services use TCP wrappers'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all sendCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - sysctl ipv4 default acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secureCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.6 Ensure bogus ICMP responses are ignored - sysctlCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filterCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl ipv4 all rp_filterCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 default acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.9 ipsrcrouterecvCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.11 ip6srcrouteforwardCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.17 udp_pmtu_discoverCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.5 Ensure default zone is setCIS Oracle Linux 7 Server L1 v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.5 Ensure a table existsCIS Oracle Linux 7 Server L1 v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.9 Ensure default deny firewall policy - forwardCIS Oracle Linux 7 Server L1 v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.2 Ensure loopback traffic is configured - inputCIS Oracle Linux 7 Server L1 v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.2 Ensure IPv6 loopback traffic is configured - inputCIS Oracle Linux 7 Server L1 v3.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Microsoft Intune for Windows 11 v3.0.1 L2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ignore erroneous or unwanted traffic 'Link Local'CIS ISC BIND 9.0/9.5 v2.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.6 ipignoreredirectsCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.8 ipsrcrouteforwardCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.9 ipsrcrouterecvCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.17 udp_pmtu_discoverCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistent run level 3CIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Windows Server 2012 DC L2 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Windows Server 2012 R2 MS L2 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'CIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION