Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.6.2 Ensure system wide crypto policy disables sha1 hash and signature supportCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5 Ensure 'Enable S/MIME for OWA' is set to 'True'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.6 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.6 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.3 Ensure 'Receive connector' is set to 'TLS'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Ensure 'log_error' Has Appropriate PermissionsCIS MariaDB 10.6 on Linux L1 v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.36.4.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.36.4.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.55.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.55.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure sshd Ciphers are configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2 Ensure login via 'host' TCP/IP Socket is configured correctlyCIS PostgreSQL 12 OS v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.1 Ensure server parameter 'require_secure_transport' is set to 'ON' for MySQL flexible serverCIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to trueCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.8 Ensure TLS is enabled and configured correctlyCIS PostgreSQL 13 DB v1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.8 Ensure TLS is enabled and configured correctlyCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS Microsoft SQL Server 2019 v1.4.0 L1 Database EngineMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure Network Encryption is Configured and EnabledCIS Microsoft SQL Server 2019 v1.4.0 L2 Database EngineMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure WAL archiving is configured and functionalCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure streaming replication parameters are configured correctlyCIS PostgreSQL 14 DB v 1.2.0PostgreSQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.5.4.1 (L1) Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higherCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

45.27 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLM and 128-bit encryption'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION