Item Search

NameAudit NamePluginCategory
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobeCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Debian Family Server L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobeCIS Debian Family Workstation L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers accountCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

ACCESS CONTROL

1.6.3 Ensure system wide crypto policy disables sha1 hash and signature supportCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Secure DB2 Runtime LibraryCIS IBM DB2 v10 v1.1.0 Linux OS Level 1Unix
2.1 Secure DB2 Runtime LibraryCIS IBM DB2 v10 v1.1.0 Windows OS Level 1Windows
2.1 Secure DB2 Runtime LibraryCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows
2.1 Secure DB2 Runtime LibraryCIS IBM DB2 v10 v1.1.0 Linux OS Level 2Unix
2.6 Ensure aufs storage driver is not usedCIS Docker v1.7.0 L1 Docker - LinuxUnix

SYSTEM AND SERVICES ACQUISITION

3.1.14 Set maximum connection limits - 'maxappls <= 99'CIS IBM DB2 OS L2 v1.2.0Unix

ACCESS CONTROL

3.2.11 Establish retention set size for backups - 'num_db_backups <= 100'CIS IBM DB2 OS L2 v1.2.0Unix

CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

3.5.1.1 Ensure firewalld is installedCIS Amazon Linux 2 STIG v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Defend against Denial of Service AttacksCIS ISC BIND 9.0/9.5 v2.0.0Unix
5.20 Do not share the host's UTS namespaceCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows
9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Linux OS Level 2Unix
9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Linux OS Level 1Unix
9.6 Secure the permission of the IBMLDAPSecurity.ini fileCIS IBM DB2 v10 v1.1.0 Windows OS Level 1Windows
APPL-14-001150 The macOS system must disable password authentication for SSH.DISA Apple macOS 14 (Sonoma) STIG v2r3Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

APPL-15-001150 - The macOS system must disable password authentication for SSH.DISA Apple macOS 15 (Sequoia) STIG v1r3Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests.DISA STIG Apache Server 2.4 Windows Site v2r2Windows

ACCESS CONTROL

DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

ESXI-70-000084 - The ESXi host must enable audit logging.DISA STIG VMware vSphere 7.0 ESXi OS v1r4Unix

CONFIGURATION MANAGEMENT

Excel 2 worksheetsMSCT Office 365 ProPlus 1908 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Excel 2 worksheetsMSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Excel 2 worksheetsMSCT M365 Apps for enterprise 2412 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Excel 2 worksheetsMicrosoft 365 Apps for Enterprise 2306 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Excel 2 worksheetsMSCT Office 2016 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Excel 2 worksheetsMSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

FFOX-00-000024 - Firefox cryptomining protection must be enabled.DISA STIG Mozilla Firefox Windows v6r6Windows

CONFIGURATION MANAGEMENT

FFOX-00-000027 - Firefox deprecated ciphers must be disabled.DISA STIG Mozilla Firefox Windows v6r6Windows

CONFIGURATION MANAGEMENT

FFOX-00-000028 - Firefox must not recommend extensions as the user is using the browser.DISA STIG Mozilla Firefox Windows v6r6Windows

CONFIGURATION MANAGEMENT

FFOX-00-000033 - Firefox must be configured so that DNS over HTTPS is disabled.DISA STIG Mozilla Firefox Windows v6r6Windows

CONFIGURATION MANAGEMENT

MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.DISA MariaDB Enterprise 10.x v2r3 DBMySQLDB

IDENTIFICATION AND AUTHENTICATION

MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.DISA MariaDB Enterprise 10.x v2r3 OS LinuxUnix

IDENTIFICATION AND AUTHENTICATION

PANW-NM-000144 - The Palo Alto Networks security platform must generate an audit log record when the Data Plane CPU utilization is 100%.DISA STIG Palo Alto NDM v3r2Palo_Alto

CONFIGURATION MANAGEMENT

PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.DISA STIG PostgreSQL 9.x on RHEL OS v2r5Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-07-020670 - The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories are group-owned by a group of which the home directory owner is a member.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-030340 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY

RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY

VCLU-70-000019 - Lookup Service must limit the number of allowed connections.DISA STIG VMware vSphere 7.0 Lookup Service v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000019 - The Security Token Service must limit the number of allowed connections.DISA STIG VMware vSphere 6.7 STS Tomcat v1r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-70-000019 - The Security Token Service must limit the number of allowed connections.DISA STIG VMware vSphere 7.0 STS Tomcat v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WINER-000012 - The maximum number of error reports to archive on a system must be configured to 100 or greater.DISA Windows Vista STIG v6r41Windows

SYSTEM AND INFORMATION INTEGRITY

WN10-CC-000206 - Windows Update must not obtain updates from other PCs on the internet.DISA Microsoft Windows 10 STIG v3r4Windows

CONFIGURATION MANAGEMENT