1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
2.2.28 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
2.2.28 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.121 - The system does not have a backup administrator account | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
5.140 - The HBSS McAfee Agent is not installed. - FrameworkService | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
5.140 - The HBSS McAfee Agent is not installed. - masvc | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
7.1 Ensure that the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
20.67 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.67 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
Access control lists | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
Auditing and logging | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-ND-001260 - The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
Console inactivity timer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
EX19-ED-000128 - The Exchange Sender Reputation filter must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
Extreme : switch Info | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
GEN003619 - The system must not be configured for network bridging. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
HP ProCurve - 'Disable SNMPv2' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
HP ProCurve - 'Disable TFTP server' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
HP ProCurve - 'Enable DHCP snooping' | TNS HP ProCurve | HPProCurve | SYSTEM AND COMMUNICATIONS PROTECTION |
HP ProCurve - 'Enable SNMPv3' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
Local password complexity - password minimum-length | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
Policies - Pod - Date and Time Policy - Administrative State | Tenable Cisco ACI | Cisco_ACI | |
SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components. | DISA STIG SQL Server 2016 Instance DB Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
Web Token Timeout (s) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |