Item Search

NameAudit NamePluginCategory
1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS CentOS Linux 7 v4.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 8 Workstation L2 v3.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS Rocky Linux 8 Server L2 v2.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 8 Server L2 v3.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS CentOS Linux 7 v4.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat EL8 Workstation L2 v3.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.4 Ensure repo_gpgcheck is globally activatedCIS Amazon Linux 2023 Server L2 v1.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1.8 Ensure SETroubleshoot is not installedCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.3.1.8 Ensure SETroubleshoot is not installedCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.3.1.8 Ensure SETroubleshoot is not installedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.5.1.8 Ensure SETroubleshoot is not installedCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1.8 Ensure SETroubleshoot is not installedCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.6.1.4 Ensure SETroubleshoot is not installedCIS Aliyun Linux 2 L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.6.1.7 Ensure SETroubleshoot is not installedCIS Amazon Linux 2023 Server L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.6.1.7 Ensure SETroubleshoot is not installedCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.6.1.7 Ensure SETroubleshoot is not installedCIS CentOS Linux 8 Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.8.6.1 Ensure 'Default File Format' is set to Enabled (Word Document (.docx))CIS Microsoft Office Word 2016 v1.1.0Windows

CONFIGURATION MANAGEMENT

1.8.6.1 Ensure 'Default File Format' is set to Enabled (Word Document (.docx))CIS Microsoft Office Word 2013 v1.1.0Windows

CONFIGURATION MANAGEMENT

1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5'Tenable Cisco Firepower Best Practices AuditCisco

AUDIT AND ACCOUNTABILITY

2.1 Disable Local-only Graphical Login EnvironmentCIS Solaris 11.2 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

2.2 Disable Local-only Graphical Login EnvironmentCIS Oracle Solaris 11.4 L1 v1.1.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobeCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmodCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit)CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.16 Ensure kernel module loading and unloading is collected - insmodCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.16 Ensure kernel module loading and unloading is collected - modprobeCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0Unix

CONFIGURATION MANAGEMENT

4.4.3 Ensure password reuse is limitedCIS Debian 10 Workstation L1 v2.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.3 Ensure password reuse is limitedCIS SUSE Linux Enterprise 12 v3.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.3 Ensure password reuse is limitedCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0Unix

ACCESS CONTROL

5.7 Do not enable the "root" accountCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.14 Ensure 'on-failure' container restart policy is set to '5' - RestartPolicyNameCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=alwaysCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.17 Collect Kernel Module Loading and Unloading - /sbin/modprobeCIS Debian Linux 7 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading - /sbin/rmmodCIS Debian Linux 7 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading - 32 bit init_moduleCIS Debian Linux 7 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

AIX7-00-002128 - If bash is used, AIX must display logout messages.DISA STIG AIX 7.x v3r1Unix

ACCESS CONTROL

CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) switch must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.DISA STIG Cisco NX-OS Switch RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

Configure IPsec Tunnel Parameters - rekeyTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - versionEDB PostgreSQL Advanced Server v11 DB Audit v2r4PostgreSQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION