1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.46 Ensure 'Manage auditing and security log' is set to 'Administrators' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
3.1.3.2 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL |
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/shadow | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
5.018 - Windows Messenger (MSN Messenger, .NET messenger) is run at system startup. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
5.140 - The HBSS McAfee Agent is not installed. - FrameworkService | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
5.140 - The HBSS McAfee Agent is not installed. - masvc | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
7.1 Ensure that the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | ACCESS CONTROL |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL |
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Access control lists | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
Brocade - root account is enabled with root role assigned | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
CISC-ND-000250 - The Cisco router must be configured to generate audit records when successful/unsuccessful attempts to logon with access privileges occur. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
Console inactivity timer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
DG0096-ORACLE11 - The DBMS IA policies and procedures should be reviewed annually or more frequently. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
GEN003619 - The system must not be configured for network bridging. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
HP ProCurve - 'Disable TFTP client' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
HP ProCurve - 'Disable TFTP server' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
HP ProCurve - 'Enable DHCP snooping' | TNS HP ProCurve | HPProCurve | SYSTEM AND COMMUNICATIONS PROTECTION |
HP ProCurve - 'Enable SNMPv3' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
SNMP Destination - Community Name | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
SNMPv1 and v2c vs SNMPv3 - snmpv3 enable | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components. | DISA STIG SQL Server 2016 Instance DB Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
Syslog - Local File Destination - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
Syslog - Local File Destination - Severity | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
Syslog - Show MilliSeconds in Timestamp | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |