Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listCIS Windows 8 L1 v1.0.0Windows

ACCESS CONTROL

18.8.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L2Windows

SECURITY ASSESSMENT AND AUTHORIZATION

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.3 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.30.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.10.9.1.4 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

MEDIA PROTECTION

18.10.57.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.10.57.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

CNTR-R2-000160 - The Kubernetes API server must have anonymous authentication disabled.DISA Rancher Government Solutions RKE2 STIG v2r3Unix

ACCESS CONTROL

WN12-00-000001 - Server systems must be located in a controlled access area, accessible only to authorized personnel.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000007 - Windows 2012/2012 R2 password for the built-in Administrator account must be changed at least annually or when a member of the administrative team leaves the organization.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000015 - User-level information must be backed up in accordance with local recovery time and recovery point objectives.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - PatchDISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AC-000006 - The minimum password age must meet requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AU-000002 - The system must be configured to audit Account Logon - Credential Validation failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000015 - The system must be configured to audit Account Management - Other Account Management Events successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000019 - The system must be configured to audit Account Management - User Account Management successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000020 - The system must be configured to audit Account Management - User Account Management failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000047 - The system must be configured to audit Logon/Logoff - Logon successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000048 - The system must be configured to audit Logon/Logoff - Logon failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000089 - The system must be configured to audit Policy Change - Authorization Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000200 - Audit data must be reviewed on a regular basis.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-AU-000201 - Audit data must be retained for at least one year.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000005 - Domain users must be required to elevate when setting a networks location.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000019 - Remote access to the Plug and Play interface must be disabled for device installation.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000022 - Device metadata retrieval from the Internet must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000035 - Errors in handwriting recognition on tablet PCs must not be reported to Microsoft.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000045 - The Windows Customer Experience Improvement Program must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000059 - Solicited Remote Assistance must not be allowed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000064-MS - Unauthenticated RPC clients must be restricted from connecting to the RPC server.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-CC-000068 - Responsiveness events must be prevented from being aggregated and sent to Microsoft.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000075 - The use of biometrics must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000076 - The password reveal button must not be displayed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-CC-000084 - The Application event log size must be configured to 32768 KB or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000086 - The Setup event log size must be configured to 32768 KB or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000087 - The System event log size must be configured to 32768 KB or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000089 - Explorer Data Execution Prevention must be enabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-CC-000090 - Turning off File Explorer heap termination on corruption must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000098 - Local drives must be prevented from sharing with Remote Desktop Session Hosts. (Remote Desktop Services Role).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000106 - Basic authentication for RSS feeds over HTTP must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000120 - Windows Media Digital Rights Management (DRM) must be prevented from accessing the Internet.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000125 - The Windows Remote Management (WinRM) client must not use Digest authentication.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

MAINTENANCE