Item Search

NameAudit NamePluginCategory
1.6.1 Ensure system wide crypto policy is not set to legacyCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure system wide crypto policy is not set to legacyCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.9 Ensure 'External send connector authentication: IgnoreStartTLS' is set to 'False'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6 Ensure 'Require client MAPI encryption' is set to 'True'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1MDM

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.36.4.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.55.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.55.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.11.55.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.6 Ensure sshd Ciphers are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.22 Ensure sshd crypto_policy is not setCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive ConnectorsCIS Apache Tomcat 10 L1 v1.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive ConnectorsCIS Apache Tomcat 10 L1 v1.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databasesCIS SQL Server 2016 Database L1 DB v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2016 Database L1 AWS RDS v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDSMS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure Network Encryption is Configured and EnabledCIS SQL Server 2016 Database L2 DB v1.4.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure SSL Compression is not EnabledCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'CIS MariaDB 10.6 Database L1 v1.1.0MySQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure 'HTTPS Only' is set to 'On'CIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.88.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION