Detections
Analytics

Item Search

NameAudit NamePluginCategory
18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.17 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

ACCESS CONTROL

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

MEDIA PROTECTION

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

MEDIA PROTECTION

18.10.56.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

CONFIGURATION MANAGEMENT

18.10.56.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

CONFIGURATION MANAGEMENT

Network security: LAN Manager authentication levelMSCT Windows 11 v24H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: LAN Manager authentication levelMSCT Windows Server v2004 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: LAN Manager authentication levelMSCT Windows Server v20H2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: LAN Manager authentication levelMSCT Windows 10 1809 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network security: LAN Manager authentication levelMSCT Windows 10 v21H2 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

WN12-00-000004 - Users with administrative privilege must be documented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000017 - System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-AC-000005 - The maximum password age must meet requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000009 - Reversible password encryption must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AU-000001 - The system must be configured to audit Account Logon - Credential Validation successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000060 - The system must be configured to audit Object Access - Central Access Policy Staging failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000082 - The system must be configured to audit Object Access - Removable Storage failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000085 - The system must be configured to audit Policy Change - Audit Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000087 - The system must be configured to audit Policy Change - Authentication Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000104 - The system must be configured to audit System - IPsec Driver failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000003 - Windows Peer-to-Peer networking services must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000004 - Network Bridges must be prohibited in Windows.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000020 - An Error Report must not be sent when a generic device driver is installed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000028 - Group Policy objects must be reprocessed even if they have not changed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000030 - Access to the Windows Store must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000033 - Event Viewer Events.asp links must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000051 - Local users on domain-joined computers must not be enumerated.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000052 - App notifications on the lock screen must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000071 - The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000099 - Remote Desktop Services must always prompt a client for passwords upon connection.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-CC-000104 - Remote Desktop Services must be configured to use session-specific temporary folders.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT