Item Search

NameAudit NamePluginCategory
2.2 Ensure access to sensitive site features is restricted to authenticated principals onlyCIS IIS 8.0 v1.5.1 Level 1Windows

ACCESS CONTROL

2.2.29 Configure 'Log on as a service'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

ACCESS CONTROL

2.3 Ensure 'forms authentication' require SSLCIS IIS 8.0 v1.5.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure 'debug' is turned off - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - DefaultCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

3.5 Ensure ASP.NET stack tracing is not enabledCIS IIS 8.0 v1.5.1 Level 2Windows

CONFIGURATION MANAGEMENT

3.5 Ensure ASP.NET stack tracing is not enabled - DefaultCIS IIS 10 v1.2.1 Level 2Windows

SYSTEM AND SERVICES ACQUISITION

3.6 Set 'Allow basic authentication' to 'False'CIS Microsoft Exchange Server 2013 CAS v1.1.0Windows

IDENTIFICATION AND AUTHENTICATION

3.6 Set 'Allow basic authentication' to 'False'CIS Microsoft Exchange Server 2016 CAS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - DefaultCIS IIS 10 v1.2.1 Level 2Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - DefaultCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Ensure global .NET trust level is configured - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, MEDIA PROTECTION

4.6 Ensure 'HTTP Trace Method' is disabledCIS IIS 8.0 v1.5.1 Level 1Windows

CONFIGURATION MANAGEMENT

4.6 Ensure 'HTTP Trace Method' is disabled - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND SERVICES ACQUISITION

4.8 Ensure Handler is not granted Write and Script/ExecuteCIS IIS 8.0 v1.5.1 Level 1Windows

ACCESS CONTROL

5.2.7 Ensure pwd_algorithm is configuredCIS IBM AIX 7 v1.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

5.11 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

6.1 Ensure FTP requests are encrypted - Data Channel SitesCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure FTP Logon attempt restrictions is enabledCIS IIS 8.0 v1.5.1 Level 1Windows
6.2 Ensure FTP Logon attempt restrictions is enabledCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND INFORMATION INTEGRITY

7.1 Ensure HSTS Header is set - SitesCIS IIS 10 v1.2.1 Level 2Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100.CIS Microsoft SharePoint 2016 OS v1.1.0Windows

CONFIGURATION MANAGEMENT

7.1 Ensure that the MaxZoneParts setting for Web Parts is configuredCIS Microsoft SharePoint 2019 OS v1.0.0Windows

CONFIGURATION MANAGEMENT

7.2 Ensure SSLv2 is DisabledCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Ensure TLS 1.1 is DisabledCIS IIS 10 v1.2.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure RC4 Cipher Suites is Disabled - RC4 128/128CIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.11 Ensure Triple DES Cipher Suite is configuredCIS IIS 8.0 v1.5.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

AUDIT AND ACCOUNTABILITY

18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

IDENTIFICATION AND AUTHENTICATION

CIS Control 6 (6.2(a)) Activate Audit LoggingCAS Implementation Group 1 Audit FileUnix

AUDIT AND ACCOUNTABILITY

CIS Control 10 (10.1) Ensure Regular Automated BackupsCAS Implementation Group 1 Audit FileUnix

CONTINGENCY PLANNING

CIS_AlmaLinux_OS_9_v2.0.0_L2_Server.audit from CIS AlmaLinux OS 9 Benchmark v2.0.0CIS AlmaLinux OS 9 v2.0.0 L2 ServerUnix
CIS_Apache_Tomcat_9_L1_v1.2.0.audit from CIS Apache Tomcat 9 BenchmarkCIS Apache Tomcat 9 L1 v1.2.0Unix
CIS_Bottlerocket_v1.0.0_L2.audit from CIS Bottlerocket Benchmark Level 2CIS Bottlerocket L2Unix
CIS_CentOS_Linux_7_v4.0.0_L1_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0CIS CentOS Linux 7 v4.0.0 L1 ServerUnix
CIS_Debian_Linux_11_v2.0.0_L2_Workstation.audit from CIS Debian Linux 11 Benchmark v2.0.0CIS Debian Linux 11 v2.0.0 L2 WorkstationUnix
CIS_Google_Chrome_L1_v3.0.0.audit from CIS Google Chrome Benchmark v3.0.0CIS Google Chrome L1 v3.0.0Windows
CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Windows.audit from CIS DB2 10.x Windows OSCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows
CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Linux.audit from CIS IBM DB2 11 v1.1.0 BenchmarkCIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix
CIS_MacOS_Safari_Benchmark_v2.0.0_L2.audit from CIS MacOS Safari Benchmark v2.0.0CIS MacOS Safari v2.0.0 L2Unix
CIS_Oracle_Server_18c_v1.1.0_L1_Linux.audit from CIS Oracle Database 18c Benchmark v1.1.0CIS Oracle Server 18c Linux v1.1.0Unix
CIS_Oracle_Server_19c_v1.2.0_L1_Linux.audit from CIS Oracle Database 19c Benchmark v1.2.0CIS Oracle Server 19c Linux v1.2.0Unix
CIS_Rocky_Linux_8_v2.0.0_L2_Server.audit from CIS Rocky Linux 8 Benchmark v2.0.0CIS Rocky Linux 8 Server L2 v2.0.0Unix
CIS_Ubuntu_20.04_LTS_v2.0.1_L1_Server.audit from CIS Ubuntu Linux 20.04 LTS BenchmarkCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix
CIS_VMware_ESXi_7.0_v1.4.0_L2_Bare_Metal.audit from CIS VMware ESXi 7.0 Benchmark v1.4.0CIS VMware ESXi 7.0 v1.4.0 L2 Bare MetalUnix
CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit from CIS VMware ESXi 8.0 Benchmark v1.1.0CIS VMware ESXi 8.0 v1.1.0 L1 Bare MetalUnix
IIST-SV-000121 - The accounts created by uninstalled features (i.e., tools, utilities, specific, etc.) must be deleted from the IIS 10.0 server.DISA IIS 10.0 Server v3r2Windows

CONFIGURATION MANAGEMENT

IISW-SI-000256 - The maximum queue length for HTTP.sys for each IIS 8.5 website must be explicitly configured.DISA IIS 8.5 Site v2r9Windows

CONFIGURATION MANAGEMENT

SPLK-CL-000490 - Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication.DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST APISplunk

IDENTIFICATION AND AUTHENTICATION