Item Search

NameAudit NamePluginCategory
1.6.6 - TCP/IP Tuning - 'ipsendredirects = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.7 - TCP/IP Tuning - 'ip6srcrouteforward = 0'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.18 - TCP/IP Tuning - 'tcp_sendspace >= 262144'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Allow Docker to make changes to iptablesCIS Docker 1.13.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.base is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.man.en_US is installed'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1 Ensure IP forwarding is disabled - sysctlCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 default secureCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - sysctl ipv4 default secureCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctlCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.8 Ensure TCP SYN Cookies is enabled - /etc/sysctlCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 default acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - sysctl ipv6 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.5 ipforwardingCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.11 ip6srcrouteforwardCIS IBM AIX 7.2 L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if '/dev/tcp tcp_conn_req_max_q' is set to 1024 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_ignore_redirect' is set to 1 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_respond_to_timestamp_broadcast' is set to 0 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'ip_respond_to_timestamp' is set to 0 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'tcp_conn_req_max_q0' is set to 4096 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Network Parameter Modifications - Check if 'tcp_extra_priv_ports_add' is set to 6112 in /etc/init.d/netconfig (Solaris 7, 8 or later)CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Additional network parameter - If Firewall/Gateway, Check 'ip_strict_dst_multihoming' = 1 in /etc/init.d/netconfig.CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Additional network parameter - If Firewall/Gateway, Check 'ip6_strict_dst_multihoming' = 1 in /etc/init.d/netconfig (Solaris 8 or later)CIS Solaris 9 v1.3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5.1 Ensure sockthresh is configuredCIS IBM AIX 7 v1.0.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptablesCIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistentCIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistent run level 2CIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (10.0.0.0/8)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (172.16.0.0/12)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (0.0.0.0/8)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (198.51.100.0/24)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Private ProfileMSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows 10 v22H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall State - Public ProfileMSCT Windows Server 2022 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)MSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)MSCT MSCT Windows Server 2022 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routesMSCT Windows 11 v23H2 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

vNetwork : reject-promiscuous-mode - 'portgroup'VMWare vSphere 6.0 Hardening GuideVMware

SYSTEM AND COMMUNICATIONS PROTECTION