Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.29 Ensure that the --encryption-provider-config argument is set as appropriateCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.30 Ensure that encryption providers are appropriately configuredCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.31 Ensure that the --etcd-cafile argument is set as appropriateCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'CIS Cisco IOS XE 17.x v2.1.0 L1Cisco

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure that the --cert-file and --key-file arguments are set as appropriateCIS Kubernetes v1.10.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - certCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - keyCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure that the --client-cert-auth argument is set to trueCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.2 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 (L2) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 L2Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate - keyCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure 'passwordFormat' is not set to clear - DefaultCIS IIS 10 v1.2.1 Level 1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Encryption: File System Level (EFS)CIS IBM AIX 7.2 L2 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4.2.3.4 Ensure pam_pwhistory includes use_authtokCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4.3.4.3 Ensure pam_unix includes a strong password hashing algorithmCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4.4 Ensure strong password hashing algorithm is configuredCIS Debian 10 Server L1 v2.0.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4.4 Ensure strong password hashing algorithm is configuredCIS Debian 10 Workstation L1 v2.0.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.5.4 Ensure password hashing algorithm is SHA-512CIS Amazon Linux 2023 Server L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.9 Enable data-at-rest encryption in MariaDBCIS MariaDB 10.6 on Linux L2 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed keyCIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.3 Ensure password hashing algorithm is SHA-512CIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.3.3.3 Ensure pam_pwhistory includes use_authtokCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.3.4.3 Ensure pam_unix includes a strong password hashing algorithmCIS Debian Linux 11 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.3.4.4 Ensure pam_unix includes use_authtokCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.3.4.4 Ensure pam_unix includes use_authtokCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1.4 Ensure strong password hashing algorithm is configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.9.2 Enable Customer-Managed Encryption Keys (CMEK) for Boot DisksCIS Google Kubernetes Engine (GKE) v1.6.1 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2.1 Ensure accounts in /etc/passwd use shadowed passwordsCIS Debian 10 Workstation L1 v2.0.0Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2.1 Ensure accounts in /etc/passwd use shadowed passwordsCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Disable use of the mysql_old_password pluginCIS MariaDB 10.6 Database L1 v1.1.0MySQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure Databases are Encrypted with TDECIS SQL Server 2022 Database L2 DB v1.1.0MS_SQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure Virtual Machines are utilizing Managed DisksCIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.8 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.9 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION