Item Search

NameAudit NamePluginCategory
1.1 Ensure DNS server is configuredCIS Fortigate 7.0.x Level 1 v1.2.0FortiGate
1.1 Ensure DNS server is configured - dns server 2CIS Fortigate Level 1 v1.0.0FortiGate
1.2.1 Ensure Trusted Locations Are DefinedCIS Microsoft Azure Foundations v1.5.0 L1microsoft_azure
1.2.2 Ensure 'Host Name' is setCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutesCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.10.2 Ensure 'logging to Serial console' is disabledCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.10.4 Ensure 'syslog hosts' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.10.11 Ensure email logging is configured for critical to emergencyCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
1.11.5 Ensure 'SNMP community string' is not the default stringCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
2.1.1 Ensure 'RIP authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
2.1.2 Ensure 'OSPF authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
2.1.2 Ensure 'Post-Login-Banner' is set - warning messageCIS Fortigate Level 1 v1.1.0FortiGate
2.1.2 Ensure 'Post-Login-Banner' is set - warning messageCIS Fortigate 7.0.x Level 1 v1.2.0FortiGate
2.1.4 Ensure 'BGP authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
2.4 Ensure DHCP services are disabled for untrusted interfaces - dhcprelayCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
2.5.1 Ensure High Availability configuration is enabledCIS Fortigate 7.0.x Level 2 v1.2.0FortiGate
2.5.3 Ensure HA Reserved Management Interface is configuredCIS Fortigate 7.0.x Level 1 v1.2.0FortiGate
3.1 Ensure DNS services are configured correctly - domain-lookupCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.1 Ensure That the Default Network Does Not Exist in a ProjectCIS Google Cloud Platform v1.3.0 L2GCP
3.1 Ensure That the Default Network Does Not Exist in a ProjectCIS Google Cloud Platform v2.0.0 L2GCP
3.2 Ensure intrusion prevention is enabled for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.2 Ensure legacy networks do not exist for a projectCIS Google Cloud Platform v1.1.0 L1GCP
3.2 Ensure Legacy Networks Do Not Exist for Older ProjectsCIS Google Cloud Platform v1.3.0 L1GCP
3.2.1.1 Configure RA Guard - policyCIS Cisco NX-OS L1 v1.0.0Cisco
3.2.3 Disable Proxy ARP on all Layer 3 InterfacesCIS Cisco NX-OS L1 v1.0.0Cisco
3.2.6 Ensure that the --make-iptables-util-chains argument is set to trueCIS Google Kubernetes Engine (GKE) v1.4.0 L1 NodeUnix
3.2.7 Ensure that the --make-iptables-util-chains argument is set to trueCIS Google Kubernetes Engine (GKE) v1.3.0 L1 NodeUnix
3.3 Ensure That DNSSEC Is Enabled for Cloud DNSCIS Google Cloud Platform v1.3.0 L1GCP
3.4 Ensure non-default application inspection is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.4 Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSECCIS Google Cloud Platform v1.1.0 L1GCP
3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSECCIS Google Cloud Platform v1.3.0 L1GCP
3.5 Ensure DOS protection is enabled for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSECCIS Google Cloud Platform v2.0.0 L1GCP
3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSECCIS Google Cloud Platform v1.3.0 L1GCP
3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'CIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
3.10 Ensure ActiveX filtering is enabledCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
3.11 Ensure Java applet filtering is enabledCIS Cisco ASA 9.x Firewall L2 v1.0.0Cisco
3.12 Ensure explicit deny in access lists is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.0.0Cisco
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2019 v3.0.0 L2 Domain ControllerWindows
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2016 STIG v2.0.0 L2 DCWindows
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2016 STIG v2.0.0 L2 MSWindows
18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3CIS Microsoft Windows Server 2019 Standalone DC L2 v1.0.0Windows
18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3CIS Microsoft Windows Server Standalone 2019 Standalone MS L2 v1.0.0Windows
18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3CIS Microsoft Windows Server 2022 v2.0.0 L2 DCWindows
18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3CIS Windows Server 2016 DC L2 v2.0.0Windows
18.5.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3CIS Microsoft Windows 10 Stand-alone v2.0.0 L2Windows
18.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1Windows