Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.16 Ensure that the --secure-port argument is not set to 0CIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.25 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.30 Ensure that the --etcd-cafile argument is set as appropriateCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure 'forms authentication' require SSL - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure that the --auto-tls argument is not set to trueCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.6 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.7 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higherCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.8 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' - Require NTLMv2 session security, Require 128-bit encryptionCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure that a Client CA File is ConfiguredCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to trueCIS Google Kubernetes Engine (GKE) v1.6.1 L1 NodeUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - ApplicationsCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.3 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.12 Verify that the RotateKubeletServerCertificate argument is set to trueCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.12 Verify that the RotateKubeletServerCertificate argument is set to trueCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.15 Ensure only strong Key Exchange algorithms are usedCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd Ciphers are configuredCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.12 Ensure sshd KexAlgorithms is configuredCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.12 Ensure sshd KexAlgorithms is configuredCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.12 Ensure sshd KexAlgorithms is configuredCIS Ubuntu Linux 24.04 LTS v1.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.15 Ensure only strong Key Exchange algorithms are usedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Ensure FTP requests are encrypted - Control Channel SitesCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.4.1 Ensure Trusted Contexts are EnabledCIS IBM DB2 11 v1.1.0 Database Level 2IBM_DB2DB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is UsedCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.1 Configure a Server-side Key Store for TLS (SSL_SVR_KEYDB)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.5 Configure a Secure TLS Version (SSL_VERSIONS)CIS IBM DB2 11 v1.1.0 Linux OS Level 1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.8 Configure a Client-side Key Store for TLS (SSL_CLNT_KEYDB)CIS IBM DB2 11 v1.1.0 Windows OS Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - DisabledCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.89.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

OL08-00-040159 - All OL 8 networked systems must have SSH installed.DISA Oracle Linux 8 STIG v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-255015 - All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.DISA Red Hat Enterprise Linux 9 STIG v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

SLES-15-010530 - All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.DISA SLES 15 STIG v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION