Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.27 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to trueCIS Kubernetes v1.20 Benchmark v1.0.1 L2 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy disables sha1 hash and signature supportCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy disables sha1 hash and signature supportCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure 'forms authentication' require SSL - DefaultCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.6 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' - Send NTLMv2 response only. Refuse LM & NTLMCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher - Negotiate signing or higherCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.5 Ensure only encrypted access channels are enabledCIS Fortigate 7.0.x v1.3.0 L1FortiGate

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - ApplicationsCIS IIS 10 v1.2.1 Level 2Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.22 Ensure sshd crypto_policy is not setCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENCCIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENCCIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.7 Ensure use of Google-managed SSL CertificatesCIS Google Kubernetes Engine (GKE) v1.6.1 L2GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to trueCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure a Valid Trusted Certificate Is InstalledCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2.1 Encrypt Log Transmission to FortiAnalyzer / FortiManagerCIS Fortigate 7.0.x v1.3.0 L1FortiGate

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure SSL Compression is not EnabledCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure OCSP Stapling Is Enabled - SSLStaplingCacheCIS Apache HTTP Server 2.4 L2 v2.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure OCSP Stapling Is Enabled - SSLUseStaplingCIS Apache HTTP Server 2.4 L2 v2.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.11 Ensure HTTP Strict Transport Security Is EnabledCIS Apache HTTP Server 2.4 L2 v2.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.12 Ensure TLS Cipher Suite ordering is ConfiguredCIS IIS 10 v1.2.1 Level 2Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.5 Configure a Secure TLS Version (SSL_VERSIONS)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.6 Configure Secure TLS Cipher Suites (SSL_CIPHERSPECS)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.9 Configure a Client-side Stash File for TLS (SSL_CLNT_STASH)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.11 Enable Remote TLS Connections to Db2 (DB2COMM)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.DISA STIG VMware vSphere 7.0 ESXi OS v1r2Unix

ACCESS CONTROL

SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000050 - Symantec ProxySG storing secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.DISA STIG Ubuntu 20.04 LTS v2r1Unix

ACCESS CONTROL