Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.7.10 Ensure XDMCP is not enabledCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.7.10 Ensure XDMCP is not enabledCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.7.10 Ensure XDMCP is not enabledCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDCMP is not enabledCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS Oracle Linux 8 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS Red Hat EL8 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS Red Hat EL8 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS SUSE Linux Enterprise 15 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS Rocky Linux 8 Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.8.10 Ensure XDMCP is not enabledCIS Oracle Linux 8 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT

2.2.2 Ensure time set is within appropriate limitsCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix
2.5.4 Ensure the NGINX reverse proxy does not enable information disclosureCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

SYSTEM AND SERVICES ACQUISITION

4.3 Ensure excessive function privileges are revokedCIS PostgreSQL 10 OS v1.0.0Unix

ACCESS CONTROL

4.4 Ensure excessive function privileges are revokedCIS PostgreSQL 9.5 DB v1.1.0PostgreSQLDB

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

IDENTIFICATION AND AUTHENTICATION

5.3.3 Ensure password reuse is limitedCIS Debian 9 Server L1 v1.0.1Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.3 Ensure password reuse is limitedCIS Debian 9 Workstation L1 v1.0.1Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS Distribution Independent Linux Server L1 v2.0.0Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

IDENTIFICATION AND AUTHENTICATION

5.3.3 Ensure password reuse is limited - password-authCIS Amazon Linux 2 STIG v1.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

5.4.4 Ensure password reuse is limitedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.4 Ensure password reuse is limitedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

6.1.1 Audit system file permissionsCIS Distribution Independent Linux Server L2 v2.0.0Unix

ACCESS CONTROL

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Firewall ConsiderationCIS Apple macOS 10.12 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

7.5 Firewall ConsiderationCIS Apple OSX 10.9 L2 v1.3.0Unix
7.7 App Store Automatically download apps purchased on other Macs ConsiderationsCIS Apple OSX 10.9 L2 v1.3.0Unix
BIND-9X-000001 - A BIND 9.x server implementation must be running in a chroot(ed) directory structure.DISA BIND 9.x STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

BIND-9X-001002 - The platform on which the name server software is hosted must only run processes and services needed to support the BIND 9.x implementation.DISA BIND 9.x STIG v2r3Unix

CONFIGURATION MANAGEMENT

BIND-9X-001055 - A BIND 9.x server implementation must prohibit recursion on authoritative name servers.DISA BIND 9.x STIG v2r3Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

BIND-9X-001610 - A BIND 9.x server NSEC3 must be used for all internal DNS zones.DISA BIND 9.x STIG v2r3Unix

CONFIGURATION MANAGEMENT

Configure IPsec Tunnel Parameters - perfect-forward-secrecyTenable Cisco Viptela SD-WAN - vEdgeCisco_Viptela

ACCESS CONTROL

DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-111 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

ESXI-67-000032 - The ESXi host must prohibit the reuse of passwords within five iterations.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

IDENTIFICATION AND AUTHENTICATION

GEN002320 - Audio devices must have mode 0660 or less permissive - '/dev/snd/*'DISA STIG for Oracle Linux 5 v2r1Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

GEN002320 - Audio devices must have mode 0660 or less permissive - /dev/audio*DISA STIG Solaris 10 X86 v2r4Unix

ACCESS CONTROL

GEN002320 - Audio devices must have mode 0660 or less permissive - /dev/sound/*DISA STIG Solaris 10 SPARC v2r4Unix

ACCESS CONTROL

GEN002340 - Audio devices must be owned by root - '/dev/audio*'DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL

GEN002340 - Audio devices must be owned by root - /dev/sound/*DISA STIG Solaris 10 X86 v2r4Unix

CONFIGURATION MANAGEMENT

GEN002340 - Audio devices must be owned by root - /dev/sound/*DISA STIG Solaris 10 SPARC v2r4Unix

CONFIGURATION MANAGEMENT

GEN002340 - Audio devices must be owned by root.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

MD3X-00-000380 - MongoDB must use NIST FIPS 140-2-validated cryptographic modules for cryptographic operations.DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OSUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

OH12-1X-000025 - OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server.DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

ACCESS CONTROL

OH12-1X-000064 - OHS, behind a load balancer or proxy server, must have the SSL log format set correctly to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

AUDIT AND ACCOUNTABILITY

OH12-1X-000070 - OHS must have a SSL log format defined to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event.DISA STIG Oracle HTTP Server 12.1.3 v2r2Unix

AUDIT AND ACCOUNTABILITY