1.1.3.5.2 Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3.5.3 Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3.8.3 Set 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.15 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.11.4 Ensure 'Network Security: Encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlscacert | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlskey | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlsverify | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.7.2 Time Machine Volumes Are Encrypted | CIS Apple macOS 10.14 v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved ciphers are used | Huawei EulerOS 2 Workstation L1 v1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Oracle Linux 6 Server L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.12 Ensure only approved MAC algorithms are used | Huawei EulerOS 2 Server L1 v1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong ciphers are used | CIS Amazon Linux 2 v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - approved ciphers | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - approved ciphers | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - weak ciphers | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used - approved MACs | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used - weak algorithms | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.20 Ensure system-wide crypto policy is not over-ridden | CIS CentOS Linux 8 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.20 Ensure system-wide crypto policy is not over-ridden | CIS CentOS Linux 8 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.3.4 Ensure password hashing algorithm is SHA-512 | CIS Debian 9 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restriction | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSH | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keys | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA Key | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.2.3 Ensure Web-Management is Set to use PKI Certificate for HTTPS | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.3.4 Ensure XNM-SSL SSLv3 Support is Not Set | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.5.5 Ensure REST HTTPS Cipher List is Set | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Ensure SSLv2 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure Weak SSL Protocols Are Disabled - 'SSLv2 or SSLv3' | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
10.4 Force SSL when accessing the manager application | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
10.4 Force SSL when accessing the manager application | CIS Apache Tomcat 9 L1 v1.0.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
10.11 Force SSL for all applications | CIS Apache Tomcat 9 L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Microsoft Windows Server 2016 DC L1 v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Windows Server 2012 R2 DC L1 v2.5.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |