1.5.2 Ensure bootloader password is set | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'Current mode' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'SELINUX' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS Amazon Linux v2.0.0 L2 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured - 'Policy from config file' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured - 'SELINUXTYPE' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'complian mode' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
1.19 Oracle software owner host account - 'Lock account' | CIS Oracle 9/10 OS Audit L2 v2.01 | Unix | ACCESS CONTROL |
2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
2.2.14 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DELAY,3' or 'DROP,3' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | ACCESS CONTROL |
2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.31 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
2.7 Prevent unintended use of dvfilter network APIs | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
2.17.5 Ensure 'Allow Users With Earlier Versions of Office to Read with Browsers....' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | ACCESS CONTROL |
3.1.11 Authenticate federated users at the instance level | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
4.2.7 Ensure 'Allow Window Management permission on these sites' Is Configured | CIS Google Chrome L2 v3.0.0 | Windows | ACCESS CONTROL |
4.4.2 Remote command lockdown | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | ACCESS CONTROL |
4.5.1.5 CDE - sgid/suid binary lockdown | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
4.5.1.11 CDE - /etc/dt/config/*/Xresources permissions and ownership | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
4.08 init.ora - 'os_authent_prefix = NULL String' | CIS Oracle 9/10 OS Audit L1 v2.01 | Unix | ACCESS CONTROL |
4.42 listener.ora - 'dynamic_registration_listener_name = OFF' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
5.6 Ensure access to the su command is restricted | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 | Unix | ACCESS CONTROL |
7.7 Set Default umask for FTP Users - Check if 'defumask' is set to 077. | CIS Solaris 10 v5.2 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'adm' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'lp' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'nobody' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'nuucp' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'nobody4' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'nuucp' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'smtp' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.4.1 Control access to VMs through the dvfilter network APIs | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
Configure Role-Based Access Control - 'security.authorization = enabled' | TNS MongoDB 2.6 Best Practices Linux OS Audit v1.0 | Unix | ACCESS CONTROL |
Ensure Standalone LDAP Registry SSL is Enabled | TNS IBM WebSphere Application Server 9 Linux Best Practices | Unix | ACCESS CONTROL |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
Logon options - Internet Zone | MSCT Windows 10 v1703 v1.0.0 | Windows | ACCESS CONTROL |
Logon options - Restricted Sites Zone | MSCT Windows 10 v1511 v1.0.0 | Windows | ACCESS CONTROL |
Logon options - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.0.0 | Windows | ACCESS CONTROL |
Logon options - Restricted Sites Zone | MSCT Windows 10 v1709 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v21H1 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 11 v1.0.0 | Windows | ACCESS CONTROL |
Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v1703 v1.0.0 | Windows | ACCESS CONTROL |
User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
WG470 - Wscript.exe and Cscript.exe are accessible by users other than the SA and Web Manager. - 'wscript.exe' | DISA STIG IIS 6.0 Installation v6r1 | Windows | ACCESS CONTROL |