Item Search

NameAudit NamePluginCategory
1.1.2.1.3 Ensure nosuid option set on /tmp partitionCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.2 Ensure nodev option set on /dev/shm partitionCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.1 Ensure separate partition exists for /homeCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.3 Ensure nosuid option set on /var partitionCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.1 Ensure separate partition exists for /var/tmpCIS AlmaLinux OS 8 Server L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partitionCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partitionCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.2 Ensure nodev option set on /var/log/audit partitionCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partitionCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1 Ensure SELinux is configuredCIS Bottlerocket L1Unix

ACCESS CONTROL, MEDIA PROTECTION

2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

2.4.2.1 Ensure at is restricted to authorized usersCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

2.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.2.1.1 Ensure 'Allow screenshots and screen recording' is set to 'Disabled'AirWatch - CIS Apple iOS 17 Institution Owned L2MDM

ACCESS CONTROL, MEDIA PROTECTION

3.2.1.21 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'AirWatch - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.2.1.21 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'MobileIron - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'AirWatch - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'MobileIron - CIS Apple iOS 17 Institution Owned L1MDM

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure Access to Audit Records Is Controlled - /var/auditCIS Apple macOS 10.15 Catalina v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure the Group Is Set Correctly on Apache Directories and FilesCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure Other Write Access on Apache Directories and Files Is RestrictedCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

3.10 Ensure the ScoreBoard File Is SecuredCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.10 Ensure the ScoreBoard File Is SecuredCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure Access to OS Root Directory Is Denied By Default - allowCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1 Restrict access to $CATALINA_HOMECIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.2 Ensure Appropriate Access to Web Content Is AllowedCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.3.7 Ensure access to the su command is restrictedCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5.2.3 Ensure system accounts are securedCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.10 Restrict access to Tomcat context.xmlCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.1 Ensure the audit log directory is 0750 or more restrictiveCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.6 Ensure audit configuration files are owned by rootCIS AlmaLinux OS 8 Server L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.7 Ensure audit configuration files belong to group rootCIS AlmaLinux OS 8 Server L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.8 Ensure audit tools are 755 or more restrictiveCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Ensure Guest Access to Shared Folders Is DisabledCIS Apple macOS 11.0 Big Sur v4.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.5 Ensure permissions on /etc/group- are configuredCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.2.2.1 Ensure access to all logfiles has been configuredCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.11 Ensure local interactive user dot files access is configuredCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.3 Ensure audit log files group owner is configuredCIS Debian Linux 11 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.4 Ensure the audit log file directory mode is configuredCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.7 Ensure audit configuration files group owner is configuredCIS Debian Linux 11 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.9 Ensure audit tools owner is configuredCIS Debian Linux 11 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.9 Ensure audit tools owner is configuredCIS Debian Linux 11 v2.0.0 L2 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

6.4.4.10 Ensure audit tools group owner is configuredCIS Debian Linux 11 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

7.1.11 Ensure world writable files and directories are securedCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

7.2.4 Ensure shadow group is emptyCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'CIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, MEDIA PROTECTION

11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpdCIS Apache HTTP Server 2.4 L2 v2.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION