Item Search

NameAudit NamePluginCategory
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listCIS Windows 8 L1 v1.0.0Windows

ACCESS CONTROL

2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL

2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.31 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.32 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DCWindows

ACCESS CONTROL

2.2.32 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DCWindows

ACCESS CONTROL

2.2.34 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MSWindows

ACCESS CONTROL

2.2.39 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.2.41 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only)CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MSWindows

ACCESS CONTROL

2.2.42 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION

2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

CONFIGURATION MANAGEMENT

2.3.11.8 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROLCIS MySQL 5.6 Community Database L1 v2.0.0MySQLDB

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTSCIS MySQL 5.6 Enterprise Database L1 v2.0.0MySQLDB

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delayCIS MySQL 5.6 Enterprise Database L1 v2.0.0MySQLDB

ACCESS CONTROL

2.15 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROLCIS MySQL 5.7 Community Database L1 v2.0.0MySQLDB

ACCESS CONTROL

18.3.2 Ensure 'Configure SMB v1 server' is set to 'Disabled' - DisabledCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.3.2 Ensure 'Configure SMB v1 server' is set to 'Disabled' - DisabledCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only)CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.3.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.11.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL

18.9.11.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL

18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

ACCESS CONTROL

18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

ACCESS CONTROL

GEN002860 - Audit logs must be rotated daily.DISA STIG for Oracle Linux 5 v2r1Unix

CONFIGURATION MANAGEMENT

GEN002860 - Audit logs must be rotated daily.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

CONFIGURATION MANAGEMENT

Network security: Allow Local System to use computer identity for NTLMMSCT Windows 10 v1507 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2012 R2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2016 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: Allow Local System to use computer identity for NTLMMSCT Windows Server 2016 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

WN16-MS-000120 - Windows Server 2016 must be running Credential Guard on domain-joined member servers.DISA Windows Server 2016 STIG v2r9Windows

CONFIGURATION MANAGEMENT

WN19-MS-000030 - Windows Server 2019 local users on domain-joined member servers must not be enumerated.DISA Windows Server 2019 STIG v3r2Windows

CONFIGURATION MANAGEMENT

WN19-MS-000140 - Windows Server 2019 must be running Credential Guard on domain-joined member servers.DISA Windows Server 2019 STIG v3r2Windows

CONFIGURATION MANAGEMENT

WN22-MS-000140 - Windows Server 2022 must be running Credential Guard on domain-joined member servers.DISA Windows Server 2022 STIG v2r2Windows

CONFIGURATION MANAGEMENT