1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
1.2 Enable SSH (Protocol 2) | CIS FreeBSD v1.0.5 | Unix | |
1.7.1.7 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured - issue | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
2. OpenStack Networking - Policy.json - 'shared_firewalls' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
2.1.2 Ensure X Window System is not installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
2.2.1 Ensure xorg-x11-server-common is not installed | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.2 Ensure xorg-x11-server-common is not installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.2 Ensure xorg-x11-server-common is not installed | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3 Set umask value for DB2 admin user .profile file | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
2.4 Password Security - 'security.passwd.rules.minimum.alphabetic = 2' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
2.9 Ensure 'SQL Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - auditctl sethostname 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - b32 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.7 Ensure events that modify the system's network environment are collected - b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.1 Setup Client-cert Authentication | CIS Apache Tomcat 10.1 v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
check for ntp server 2 | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | |
DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
Ensure IMAP and POP3 server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
FFOX-00-000025 - Firefox Enhanced Tracking Protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
FFOX-00-000025 - Firefox Enhanced Tracking Protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
Huawei: Require SSH version 2 | TNS Huawei VRP Best Practice Audit | Huawei | |
NTP Servers configured equals 2 | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | |
PHTN-30-000240 - The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, generate cryptographic hashes, and protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
RHEL-09-213105 - RHEL 9 must disable the use of user namespaces. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
Salesforce.com : Email Services - 'AddressInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
Salesforce.com : Email Services - 'AuthorizationFailureAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
Salesforce.com : Email Services - 'FunctionInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |