Item Search

NameAudit NamePluginCategory
1.1.6 Ensure separate partition exists for /varCIS Debian Family Server L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.6 Ensure separate partition exists for /varCIS Debian Family Workstation L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.10 Ensure separate partition exists for /varCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.10 Ensure separate partition exists for /varCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.11 Ensure separate partition exists for /var/logCIS Debian Family Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.1.11 Ensure separate partition exists for /var/logCIS Debian 9 Workstation L2 v1.0.1Unix

AUDIT AND ACCOUNTABILITY

1.1.15 Ensure separate partition exists for /var/logCIS Fedora 19 Family Linux Server L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.1.15 Ensure separate partition exists for /var/logCIS Fedora 19 Family Linux Workstation L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.1.16 Ensure separate partition exists for /var/log/auditCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'CIS Microsoft 365 Foundations v5.0.0 L1 E5microsoft_azure

IDENTIFICATION AND AUTHENTICATION

1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'CIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

IDENTIFICATION AND AUTHENTICATION

2.6.1.1 Audit iCloud KeychainCIS Apple macOS 10.15 Catalina v3.0.0 L2Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.1 Audit iCloud KeychainCIS Apple macOS 11.0 Big Sur v4.0.0 L2Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.2 Audit iCloud KeychainCIS Apple macOS 10.14 v2.0.0 L2Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.2 iCloud keychainCIS Apple macOS 10.13 L2 v1.1.0Unix

ACCESS CONTROL

2.7 Ensure monitoring and alerting exist for SCIM token creationCIS Snowflake Foundations v1.0.0 L1Snowflake

AUDIT AND ACCOUNTABILITY

2.7.2 iCloud keychainCIS Apple macOS 10.12 L2 v1.2.0Unix

ACCESS CONTROL

5.2.2.1 (L1) Ensure multifactor authentication is enabled for all users in administrative rolesCIS Microsoft 365 Foundations v5.0.0 L1 E3microsoft_azure

IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure that guest users are reviewed on a regular basisCIS Microsoft Azure Foundations v5.0.0 L1microsoft_azure

ACCESS CONTROL

5.4.1 Enable VPC Flow Logs and Intranode VisibilityCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1GCP

AUDIT AND ACCOUNTABILITY

5.4.3 Ensure clusters are created with Private Endpoint Enabled and Public Access DisabledCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access DisabledCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1.5.2 Ensure Advanced Threat Protection Alerts for Storage Accounts Are MonitoredCIS Microsoft Azure Foundations v5.0.0 L2microsoft_azure

AUDIT AND ACCOUNTABILITY

8.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On'CIS Microsoft Azure Foundations v5.0.0 L2microsoft_azure

ACCESS CONTROL, RISK ASSESSMENT

8.3.10 Ensure that Azure Key Vault Managed HSM is used when requiredCIS Microsoft Azure Foundations v5.0.0 L2microsoft_azure

SYSTEM AND COMMUNICATIONS PROTECTION

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L1Windows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows Server 2019 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

19.7.8.5 (L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

AIOS-12-012600 - Apple iOS must not allow managed apps to write contacts to unmanaged contacts accounts.AirWatch - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-12-012600 - Apple iOS must not allow managed apps to write contacts to unmanaged contacts accounts.MobileIron - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-12-012700 - Apple iOS must not allow unmanaged apps to read contacts from managed contacts accounts.MobileIron - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-14-010800 - Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts.AirWatch - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-15-012300 - Apple iOS/iPadOS 15 must not allow managed apps to write contacts to unmanaged contacts accounts.AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4MDM

CONFIGURATION MANAGEMENT

AIOS-15-012300 - Apple iOS/iPadOS 15 must not allow managed apps to write contacts to unmanaged contacts accounts.MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4MDM

CONFIGURATION MANAGEMENT

AIOS-17-012400 - Apple iOS/iPadOS 17 must not allow unmanaged apps to read contacts from managed contacts accounts.AirWatch - DISA Apple iOS/iPadOS 17 v2r2MDM

CONFIGURATION MANAGEMENT

AIOS-17-712300 - Apple iOS/iPadOS 17 must not allow managed apps to write contacts to unmanaged contacts accounts.AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2MDM

CONFIGURATION MANAGEMENT

AIOS-17-712400 - Apple iOS/iPadOS 17 must not allow unmanaged apps to read contacts from managed contacts accounts.MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2MDM

CONFIGURATION MANAGEMENT

AIOS-18-012300 - Apple iOS/iPadOS 18 must not allow managed apps to write contacts to unmanaged contacts accounts.AirWatch - DISA Apple iOS/iPadOS 18 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-18-012300 - Apple iOS/iPadOS 18 must not allow managed apps to write contacts to unmanaged contacts accounts.MobileIron - DISA Apple iOS/iPadOS 18 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-18-012400 - Apple iOS/iPadOS 18 must not allow unmanaged apps to read contacts from managed contacts accounts.AirWatch - DISA Apple iOS/iPadOS 18 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-18-012400 - Apple iOS/iPadOS 18 must not allow unmanaged apps to read contacts from managed contacts accounts.MobileIron - DISA Apple iOS/iPadOS 18 v2r1MDM

CONFIGURATION MANAGEMENT

SYMP-AG-000610 - Symantec ProxySG providing content filtering must detect use of network services that have not been authorized or approved by the ISSM and ISSO, at a minimum.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND INFORMATION INTEGRITY

WPAW-00-000200 - Site IT resources designated as high value by the Authorizing Official (AO) must be remotely managed only via a Windows privileged access workstation (PAW) - AO must be remotely managed only via PAWDISA Microsoft Windows PAW STIG v3r2Windows

CONFIGURATION MANAGEMENT