1.1.3.1 Configure Authorization | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | ACCESS CONTROL |
1.2.1 Ensure the container host has been Hardened | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS' (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.2.3 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) - Administrators, Authenticated Users | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.3.5.3 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.11.6 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' - Send NTLMv2 response only. Refuse LM & NTLM | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.11.6 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' - Send NTLMv2 response only. Refuse LM & NTLM | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
4.4 Enable Auditing of Process and Privilege Events - AUE_CHROOT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_CHROOT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_NICE : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_PRIOCNTLSYS : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_SETGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_SETPPRIV : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_SETSID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Enable Auditing of Process and Privilege Events - AUE_SETUID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.3 Ensure password protection is enabled for on-prem Active Directory | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
17.4.3 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2019 v3.0.1 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2019 v3.0.1 L2 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L2 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
18.9.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
AADC-CL-000210 - Adobe Acrobat Pro DC Classic Enhanced Security for browser mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
AADC-CL-001280 - Adobe Acrobat Pro DC Classic Default Handler changes must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
ARDC-CL-000085 - Adobe Reader DC must disable Adobe Send for Signature. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
ARDC-CL-000090 - Adobe Reader DC must disable access to Webmail. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
ARDC-CN-000025 - Adobe Reader DC must Block Websites. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | |
JUSX-VN-000019 - The Juniper SRX Services Gateway VPN must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 1809 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v21H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 11 v23H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 1903 MS v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server v1909 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
WN22-DC-000020 - Windows Server 2022 Kerberos user logon restrictions must be enforced. | DISA Windows Server 2022 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
WN22-DC-000320 - Windows Server 2022 domain controllers must require LDAP access signing. | DISA Windows Server 2022 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |