Item Search

Name	Audit Name	Plugin	Category
6.6 (L1) Ensure 'Account Management Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	AUDIT AND ACCOUNTABILITY
18.3.2 Ensure 'Configure SMB v1 server' is set to 'Disabled' - Disabled	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	CONFIGURATION MANAGEMENT
18.5.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC	Windows	ACCESS CONTROL
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG	Windows	CONFIGURATION MANAGEMENT
18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	MEDIA PROTECTION
18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	ACCESS CONTROL
WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-00-000013 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-SO-000066 - The system must be configured to force users to log off when their allowed logon hours expire.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN12-SO-000068 - The system must be configured to the required LDAP client signing level.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-SO-000073 - The shutdown option must not be available from the logon dialog box.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-SO-000075 - The system must be configured to require case insensitivity for non-Windows subsystems.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-SO-000081 - Windows must elevate all applications in User Account Control, not just signed ones.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN12-SO-000084 - User Account Control must switch to the secure desktop when prompting for elevation.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WN12-SV-000103 - The Peer Networking Identity Manager service must be disabled if installed.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-UC-000008 - Windows Help Ratings feedback must be turned off.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-UC-000009 - Zone information must be preserved when saving attachments.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-UC-000011 - The system must notify antivirus when file attachments are opened.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-UR-000003 - The Act as part of the operating system user right must not be assigned to any groups or accounts.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000006-MS - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group and other approved groups.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000014 - The Create permanent shared objects user right must not be assigned to any groups or accounts.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000019-MS - The Deny log on as a service user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000023 - The Force shutdown from a remote system user right must only be assigned to the Administrators group.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000029 - The Lock pages in memory user right must not be assigned to any groups or accounts.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000034 - The Modify firmware environment values user right must only be assigned to the Administrators group.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL
WN12-UR-000040 - The Restore files and directories user right must only be assigned to the Administrators group.	DISA Windows Server 2012 and 2012 R2 MS STIG v3r7	Windows	ACCESS CONTROL

Detections

Analytics

Item Search