Item Search

NameAudit NamePluginCategory
1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled'CIS Windows 8 L1 v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

1.3.4 Ensure 'Maximum lifetime for user ticket renewal' is set to '7 or fewer days' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

2.2.28 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MSWindows

ACCESS CONTROL

2.2.28 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

3.1.3.1 Set Interfaces with no Peers to Passive-InterfaceCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.121 - The system does not have a backup administrator accountDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

5.140 - The HBSS McAfee Agent is not installed. - FrameworkServiceDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

5.140 - The HBSS McAfee Agent is not installed. - masvcDISA Windows Vista STIG v6r41Windows

CONFIGURATION MANAGEMENT

7.1 Ensure that the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 6.7 v1.3.0 Level 1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT)CIS VMware ESXi 6.7 v1.3.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT)CIS VMware ESXi 6.5 v1.0.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL

18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

CONFIGURATION MANAGEMENT

18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

ACCESS CONTROL

18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

20.67 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.67 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

Access control listsArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MobileIron - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

CONFIGURATION MANAGEMENT

Auditing and loggingArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

AUDIT AND ACCOUNTABILITY

CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.DISA STIG Cisco ASA NDM v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-001260 - The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur.DISA STIG Cisco IOS Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

Console inactivity timerArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

ACCESS CONTROL

EX19-ED-000128 - The Exchange Sender Reputation filter must be enabled.DISA Microsoft Exchange 2019 Edge Server STIG v2r1Windows

SYSTEM AND INFORMATION INTEGRITY

Extreme : switch InfoTNS Extreme ExtremeXOS Best Practice AuditExtreme_ExtremeXOS

CONFIGURATION MANAGEMENT

GEN003619 - The system must not be configured for network bridging.DISA STIG for Oracle Linux 5 v2r1Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

HP ProCurve - 'Disable SNMPv2'TNS HP ProCurveHPProCurve

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

HP ProCurve - 'Disable TFTP server'TNS HP ProCurveHPProCurve

CONFIGURATION MANAGEMENT

HP ProCurve - 'Enable DHCP snooping'TNS HP ProCurveHPProCurve

SYSTEM AND COMMUNICATIONS PROTECTION

HP ProCurve - 'Enable SNMPv3'TNS HP ProCurveHPProCurve

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Local password complexity - password minimum-lengthArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

IDENTIFICATION AND AUTHENTICATION

Policies - Pod - Date and Time Policy - Administrative StateTenable Cisco ACICisco_ACI
SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.DISA STIG SQL Server 2016 Instance DB Audit v3r2MS_SQLDB

AUDIT AND ACCOUNTABILITY

Web Token Timeout (s)Tenable Cisco ACICisco_ACI

ACCESS CONTROL