Item Search

NameAudit NamePluginCategory
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

1.4.4 Set IP address for 'logging host'CIS Cisco IOS XR 7.x v1.0.0 L1Cisco

AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY

2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.2 Set version 2 for 'ip ssh version'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.4 Set IP address for 'logging host'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY

3.121 - The system does not have a backup administrator accountDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

4.1.11 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/lchown/fchownat 32 bitCIS Amazon Linux 2 STIG v1.0.0 L2Unix

CONFIGURATION MANAGEMENT

4.1.11 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr 64 bitCIS Amazon Linux 2 STIG v1.0.0 L2Unix

CONFIGURATION MANAGEMENT

5.4.1 Ensure password creation requirements are configured - dcreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - dcreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - dcreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - lcreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - lcreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - password-auth retry=3CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - password-auth retry=3CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - password-auth try_first_passCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - system-auth retry=3CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - system-auth try_first_passCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.4.1 Ensure password creation requirements are configured - ucreditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

7.3 Ensure that the vSwitch Promiscuous Mode policy is set to rejectCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MobileIron - DISA Apple iOS/iPadOS 13 v2r1MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MobileIron - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ARST-L2-000020 - The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

IDENTIFICATION AND AUTHENTICATION

ARST-RT-000650 - The Arista perimeter router must be configured to block all outbound management traffic.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-ND-000580 - The Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used.DISA STIG Cisco IOS XE Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-000590 - The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.DISA STIG Cisco IOS XE Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-000600 - The Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-001250 - The Cisco router must be configured to generate log records when administrator privileges are deleted.DISA STIG Cisco IOS XE Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-001250 - The Cisco router must be configured to generate log records when administrator privileges are deleted.DISA STIG Cisco IOS Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-001270 - The Cisco router must be configured to generate log records for privileged activities.DISA STIG Cisco IOS XE Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000070 - The Cisco router must be configured to have all non-essential capabilities disabled.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

DNS Profile - Address - DNS Server 2Tenable Cisco ACICisco_ACI

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000350 - Exchange filtered messages must be archived.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000350 - Exchange filtered messages must be archived.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND INFORMATION INTEGRITY

JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - fingerDISA STIG Juniper Router RTR v3r1Juniper

CONFIGURATION MANAGEMENT

JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - telnetDISA STIG Juniper Router RTR v3r1Juniper

CONFIGURATION MANAGEMENT

JUNI-RT-000380 - The Juniper perimeter router must be configured to block all outbound management traffic.DISA STIG Juniper Router RTR v3r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - HTTPS - SSL Protocols - TLSv1Tenable Cisco ACICisco_ACI

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - Telnet - Admin StateTenable Cisco ACICisco_ACI

CONFIGURATION MANAGEMENT

WN10-CC-000063 - Windows 10 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance.DISA Windows 10 STIG v3r2Windows

CONFIGURATION MANAGEMENT