1.1.3.5.5 Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443 | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | CIS Kubernetes Benchmark v1.5.1 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.3 Configure SSH - Check if RhostsRSAAuthentication is set to no and not commented for server. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
1.11 Ensure system-wide crypto policy is FUTURE or FIPS | CIS CentOS Linux 8 Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.11 Ensure system-wide crypto policy is FUTURE or FIPS | CIS CentOS Linux 8 Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.15 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | CIS Kubernetes Benchmark v1.5.1 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved ciphers are used | Huawei EulerOS 2 Server L1 v1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Red Hat 6 Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS CentOS 6 Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.11 Ensure only approved MAC algorithms are used | CIS Oracle Linux 6 Workstation L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - approved ciphers | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.13 Ensure only strong Ciphers are used - weak ciphers | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong Key Exchange algorithms are used | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used - approved MACs | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.14 Ensure only strong MAC algorithms are used - weak MACs | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used | CIS Debian 8 Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used | CIS Debian 8 Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.15 Ensure only strong Key Exchange algorithms are used - approved algorithms | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.20 Ensure system-wide crypto policy is not over-ridden | CIS Oracle Linux 8 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.2.23 Ensure RSA rhosts authentication is not allowed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4.1.1 Ensure password hashing algorithm is SHA-512 | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.4.1.1 Ensure password hashing algorithm is SHA-512 | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.1.8 Set SSH RhostsRSAAuthentication to no - Check if RhostsRSAAuthentication is set to no and not commented for the server. | CIS Solaris 10 v5.2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure HTTPS binding: TCP 32844 is used | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure scheme is set accurately | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.0.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.5 Ensure SSL Protocol is set to TLS for Secure Connectors - verify sslProtocol is set to TLS | CIS Apache Tomcat 9 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.8 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 9.5 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.2.2 Ensure Web-Management is Set to use HTTPS | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
6.10.2.3 Ensure Web-Management is Set to use PKI Certificate for HTTPS | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure SSLv3 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure data exchanged between containers are encrypted on different nodes on the overlay network | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure Weak SSL Protocols Are Disabled - 'SSLv2 or SSLv3' | CIS Apache HTTP Server 2.4 L1 v1.5.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.7 Ensure SSL Compression is not Enabled | CIS Apache HTTP Server 2.4 L1 v1.5.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.7 Ensure SSL Compression is not Enabled | CIS Apache HTTP Server 2.4 L1 v1.5.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
10.11 Force SSL for all applications | CIS Apache Tomcat 9 L2 v1.0.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
18.8.4.1 Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Microsoft Windows Server 2016 MS L1 v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Fortigate - SNMP v3 is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
PCI 2.2.4 Configure system security parameters to prevent misuse - Configure SSH (/etc/ssh/sshd_config RhostsRSAAuthentication) | PCI DSS 2.0/3.0 - Solaris 10 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |