1.1.3.7.2 Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3.7.3 Set 'Microsoft network client: Digitally sign communications (if server agrees)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3.8.5 Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.39 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 15 L2 v4.0.1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
1.10 Ensure system-wide crypto policy is FUTURE or FIPS | CIS Oracle Linux 8 Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.10 Ensure system-wide crypto policy is FUTURE or FIPS | CIS Oracle Linux 8 Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.11 Ensure system-wide crypto policy is FUTURE or FIPS | CIS Red Hat EL8 Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.11 Ensure system-wide crypto policy is FUTURE or FIPS | CIS Red Hat EL8 Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.11.4 Ensure 'Network Security: Encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlscert | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong ciphers are used | CIS Debian 9 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong ciphers are used | CIS Debian 9 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - approved ciphers | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong Key Exchange algorithms are used | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used - weak MACs | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used - approved algorithms | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used - weak algorithms | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure that strong Key Exchange algorithms are used | CIS Amazon Linux 2 v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.20 Ensure system-wide crypto policy is not over-ridden | CIS Oracle Linux 8 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.3.4 Ensure password hashing algorithm is SHA-512 | CIS Debian 9 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.0.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure scheme is set accurately | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.0.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.8 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 9.5 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restriction | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.5.6 Ensure REST HTTPS Cipher List is Set to Suite B Only | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure HSTS Header is set | CIS IIS 10 v1.1.0 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Ensure SSLv2 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure Weak SSL Protocols Are Disabled - 'TLSv1' | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.6 Ensure Insecure SSL Renegotiation Is Not Enabled | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.6 Ensure swarm manager is run in auto-lock mode | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.7 Ensure SSL Compression is Not Enabled | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.12 Ensure TLS Cipher Suite ordering is configured | CIS IIS 10 v1.1.0 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Windows Server 2012 R2 MS L1 v2.4.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Windows Server 2012 R2 MS L1 v2.5.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Windows Server 2012 R2 DC L1 v2.4.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |