1.2.1 Use an EFI password | CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4.2 Ensure bootloader password is set - 'passwd_pbkdf2' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4.2 Ensure bootloader password is set - password_pbkdf2 | CIS SUSE Linux Enterprise Server 12 L1 v2.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.timer status | CIS Oracle Linux 8 Server L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4.3 Ensure boot loader does not allow removable media | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.5.3 Ensure authentication required for single user mode - rescue.service | CIS Red Hat EL8 Workstation L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.2.1 Use an Open Firmware or EFI password | CIS Apple OSX 10.5 Leopard L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.4 Do not use insecure registries | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.13 Ensure EFI version is valid and being regularly checked - daemon | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.29.2 Ensure 'Legacy Format Signatures' is set to Disabled | CIS Microsoft Office 2013 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.030 - A file integrity tool must verify the baseline operating system configuration at least weekly - cron | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.040 - Designated personnel must be notified if baseline configurations are changed in an unauthorized manner. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
3.3 Set Boot Loader Password - password | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
3.3.3 Ensure IPv6 is disabled | CIS SUSE Linux Enterprise Server 11 L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
5.23 System Integrity Protection status | CIS Apple macOS 10.13 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.1.1 Audit system file permissions | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.13 Secure the GRUB Menu - Check if 'password' is set in /boot/grub/menu.lst. Note: This check only checks if password is set | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-#badlogins = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-mode = command | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.17 Secure the GRUB Menu (Intel) - grub.cfg password | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.17 Secure the GRUB Menu (Intel) - grub2_defs.bios GRUB_TIMEOUT = 30 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.17 Secure the GRUB Menu (Intel) - grub2_defs.bios GRUB_TIMEOUT = 30 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.17 Secure the GRUB Menu (Intel) - menu.conf timeout = 30 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.17 Secure the GRUB Menu (Intel) - menu.conf timeout = 30 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
9.2 Verify System File Permissions | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
18.4.6 (L1) Ensure 'LSA Protection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.25.1 (NG) Ensure 'Configures LSASS to run as a protected process' is set to 'Enabled: Enabled with UEFI Lock' | CIS Microsoft Windows Server 2019 STIG v2.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
Big Sur - Ensure Secure Boot Level Set to Full | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
Big Sur - Ensure Secure Boot Level Set to Full | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
Big Sur - Ensure Secure Boot Level Set to Full | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
Brocade - Enable the power-on self-test (POST) | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND INFORMATION INTEGRITY |
Brocade : 'Enforce signature validation for firmware' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND INFORMATION INTEGRITY |
Catalina - Ensure Secure Boot Level Set to Full | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
Catalina - Ensure Secure Boot Level Set to Full | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
Check for signatures on downloaded programs | MSCT Windows Server 1903 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Check for signatures on downloaded programs | MSCT Windows 10 v1709 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Ensure GPG keys are configured - apt-key list | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
Monterey - Ensure Secure Boot Level Set to Full | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
Monterey - Ensure Secure Boot Level Set to Full | NIST macOS Monterey v1.0.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
Monterey - Ensure Secure Boot Level Set to Full | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
PCI 2.2.4 - Verify that common security parameter settings are included - NFS - 'all entries in /etc/exports contain sec=' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND INFORMATION INTEGRITY |
Require that application add-ins are signed by Trusted Publisher - requireaddinsig - excel | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Require that application add-ins are signed by Trusted Publisher - requireaddinsig - ms project | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - ConfigureSystemGuardLaunch | MSCT Windows 10 v1903 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - EnableVirtualizationBasedSecurity | MSCT Windows 10 v1703 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - HVCIMATRequired | MSCT Windows Server 1903 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - HVCIMATRequired | MSCT Windows 10 v1903 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - LsaCfgFlags | MSCT Windows 10 v1709 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Turn On Virtualization Based Security - RequirePlatformSecurityFeatures | MSCT Windows 10 v1903 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |