1.4 SNMP Security - c) SNMP Security Protection Function | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.3 - AirWatch - Mark Company Mail Domain | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
3.1.14 Set maximum connection limits - 'max_connections <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
5.28 Use PIDs cgroup limit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
22.1 (L1) Ensure 'DO Download Mode' is NOT set to 'HTTP blended with Internet Peering' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
100. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:migrate' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
100. OpenStack Identity - Policy.json - 'identity:list_policies' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
100. OpenStack Networking - Policy.json - 'get_subnet' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
ESXI-80-000113 - The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA VMware vSphere 8.0 ESXi STIG v2r2 | VMware | AUDIT AND ACCOUNTABILITY |
FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopen | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - fail-open | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
MaxKeepAliveRequests parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
RHEL-07-010482 - Red Hat Enterprise Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
RHEL-07-020620 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive users have a home directory assigned and defined in the /etc/passwd file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-020650 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-020660 - The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories have a valid owner. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-020690 - The Red Hat Enterprise Linux operating system must be configured so that all local initialization files for interactive users are owned by the home directory user or root. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-021030 - The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-021310 - The Red Hat Enterprise Linux operating system must be configured so that a separate file system is used for user home directories (such as /home or an equivalent). | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-030310 - The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
RHEL-07-040170 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner immediately prior to, or as part of, remote access logon prompts. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
RHEL-07-040320 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
RHEL-07-040430 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
RHEL-07-040630 - The Red Hat Enterprise Linux operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
WG110 A22 - The number of allowed simultaneous requests must be set. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
WG110 A22 - The number of allowed simultaneous requests must be set. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |