Item Search

NameAudit NamePluginCategory
1.1.1.6 Ensure squashfs kernel module is not availableCIS Rocky Linux 9 v2.0.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

1.1.1.6 Ensure squashfs kernel module is not availableCIS Rocky Linux 9 v2.0.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.1.7 Ensure squashfs kernel module is not availableCIS Debian Linux 12 v1.1.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.1.7 Ensure squashfs kernel module is not availableCIS Ubuntu Linux 24.04 LTS v1.0.0 L2 WorkstationUnix

CONFIGURATION MANAGEMENT

1.2 Ensure Installation of Binary PackagesCIS PostgreSQL 10 OS v1.0.0Unix

CONFIGURATION MANAGEMENT

1.2 Ensure Installation of Binary PackagesCIS PostgreSQL 9.6 OS v1.0.0Unix

CONFIGURATION MANAGEMENT

1.2.1 Ensure package manager repositories are properly configuredCIS NGINX Benchmark v2.1.0 L1 WebserverUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1 Ensure package manager repositories are properly configuredCIS NGINX Benchmark v2.1.0 L1 LoadbalancerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1 Ensure package manager repositories are properly configuredCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5.6 Ensure NIST FIPS-validated cryptography is configured - grubCIS Amazon Linux 2 STIG v1.0.0 L3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.2 Ensure X Window System is not installedCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

2.3 Set umask value for DB2 admin user .profile fileCIS IBM DB2 v10 v1.1.0 Linux OS Level 2Unix

ACCESS CONTROL

2.8 Ensure the default ulimit is configured appropriatelyCIS Docker v1.7.0 L1 Docker - LinuxUnix

CONFIGURATION MANAGEMENT

2.14 Ensure 'sa' Login Account is set to 'Disabled'CIS SQL Server 2008 R2 DB Engine L1 v1.7.0MS_SQLDB

ACCESS CONTROL

3.1.17 Reserve the desired port number or name for incoming connection requestsCIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS LinuxUnix

CONFIGURATION MANAGEMENT

3.1.17 Reserve the desired port number or name for incoming connection requestsCIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS WindowsWindows

CONFIGURATION MANAGEMENT

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS Fedora 28 Family Linux Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1.3 Ensure nftables either not installed or masked with firewalldCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.1.2 Ensure nftables is not installed with iptablesCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.1.2 Ensure nftables is not installed with iptablesCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4.1.2 Ensure nftables is not in use with iptablesCIS Debian Linux 12 v1.1.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure Linux Kernel Capabilities are restricted within containersCIS Docker Community Edition v1.1.0 L1 DockerUnix

ACCESS CONTROL

5.4 CIFS - 'ldap.security.level = 1 or 2'TNS NetApp Data ONTAP 7GNetApp

SYSTEM AND COMMUNICATIONS PROTECTION

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 10 L2 v1.1.0 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 10 L2 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 9 L2 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1 Setup Client-cert AuthenticationCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

6.2.1 Set SSH Protocol to 2CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

8.3.1 Disable unnecessary or superfluous functions inside VMsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.3.1 Ensure unnecessary or superfluous functions inside VMs are disabledCIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

8.4.26 Ensure all but VGA mode on virtual machines is disabledCIS VMware ESXi 6.7 v1.3.0 Level 2VMware

CONFIGURATION MANAGEMENT

9.3.1 Set SSH Protocol to 2CIS Debian Linux 7 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

9.3.1 Set SSH Protocol to 2CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

CIS_Docker_1.6_v1.0.0_L2_Docker.audit Level 2CIS Docker 1.6 v1.0.0 L2 DockerUnix
DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-002130 - The Docker Enterprise socket must not be mounted inside any containers.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

Enable IKE Version 1/2 - groupTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

SYSTEM AND COMMUNICATIONS PROTECTION

Enable IKE Version 1/2 - rekeyTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

Enable QoS on all VM guestsTNS Citrix HypervisorUnix

SYSTEM AND COMMUNICATIONS PROTECTION

GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnDISA STIG Solaris 10 X86 v2r4Unix

AUDIT AND ACCOUNTABILITY

GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeDISA STIG Solaris 10 SPARC v2r4Unix

AUDIT AND ACCOUNTABILITY

OL08-00-030603 - OL 8 must enable Linux audit logging for the USBGuard daemon.DISA Oracle Linux 8 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-08-030603 - RHEL 8 must enable Linux audit logging for the USBGuard daemon.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-213105 - RHEL 9 must disable the use of user namespaces.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

SonicWALL - Flood Protection - Layer 2 - ThresholdTNS SonicWALL v5.9SonicWALL

SYSTEM AND COMMUNICATIONS PROTECTION

XenServer - Enable QoS on all VM guestsTNS Citrix XenServerUnix