Item Search

NameAudit NamePluginCategory
1.4 SNMP Security - c) SNMP Security Protection FunctionTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.3 - AirWatch - Mark Company Mail DomainAirWatch - CIS Apple iOS 9 v1.0.0 L2MDM

ACCESS CONTROL

3.1.14 Set maximum connection limits - 'max_connections <= 100'CIS IBM DB2 OS L2 v1.2.0Unix

ACCESS CONTROL

5.28 Use PIDs cgroup limitCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

22.1 (L1) Ensure 'DO Download Mode' is NOT set to 'HTTP blended with Internet Peering'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

100. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:migrate'TNS OpenStack Nova/Compute Security GuideUnix

ACCESS CONTROL

100. OpenStack Identity - Policy.json - 'identity:list_policies'TNS OpenStack Keystone/Identity Security GuideUnix

ACCESS CONTROL

100. OpenStack Networking - Policy.json - 'get_subnet'TNS OpenStack Neutron/Networking Security GuideUnix

ACCESS CONTROL

Buffer overflow protection should be configured 'LimitRequestBody'TNS IBM HTTP Server Best PracticeWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Buffer overflow protection should be configured 'LimitRequestBody'TNS IBM HTTP Server Best Practice MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFields'TNS IBM HTTP Server Best PracticeUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFields'TNS IBM HTTP Server Best Practice MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFields'TNS IBM HTTP Server Best PracticeWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Buffer overflow protection should be configured 'LimitRequestFieldsize'TNS IBM HTTP Server Best PracticeUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFieldsize'TNS IBM HTTP Server Best PracticeWindows

SYSTEM AND COMMUNICATIONS PROTECTION

Buffer overflow protection should be configured 'LimitRequestFieldsize'TNS IBM HTTP Server Best Practice MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestline'TNS IBM HTTP Server Best PracticeUnix

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestline'TNS IBM HTTP Server Best Practice MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

ESXI-80-000113 - The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records.DISA VMware vSphere 8.0 ESXi STIG v2r2VMware

AUDIT AND ACCOUNTABILITY

FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopenDISA Fortigate Firewall STIG v1r3FortiGate

SYSTEM AND COMMUNICATIONS PROTECTION

FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - fail-openDISA Fortigate Firewall STIG v1r3FortiGate

SYSTEM AND COMMUNICATIONS PROTECTION

MaxKeepAliveRequests parameter value should be appropriately configured.TNS IBM HTTP Server Best PracticeUnix

SYSTEM AND COMMUNICATIONS PROTECTION

OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - CHKCONFIGDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes.DISA Oracle Linux 7 STIG v3r1Unix

ACCESS CONTROL

RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

RHEL-07-010482 - Red Hat Enterprise Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

ACCESS CONTROL

RHEL-07-020620 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive users have a home directory assigned and defined in the /etc/passwd file.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-020650 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories are group-owned by the home directory owners primary group.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-020660 - The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories have a valid owner.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-020690 - The Red Hat Enterprise Linux operating system must be configured so that all local initialization files for interactive users are owned by the home directory user or root.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-021030 - The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are group-owned by root, sys, bin, or an application group.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-021310 - The Red Hat Enterprise Linux operating system must be configured so that a separate file system is used for user home directories (such as /home or an equivalent).DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-030310 - The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY

RHEL-07-040170 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner immediately prior to, or as part of, remote access logon prompts.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

ACCESS CONTROL

RHEL-07-040320 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-07-040430 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-040630 - The Red Hat Enterprise Linux operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

WG110 A22 - The number of allowed simultaneous requests must be set.DISA STIG Apache Site 2.2 Unix v1r11Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WG110 A22 - The number of allowed simultaneous requests must be set.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION