1.1 (L1) Host hardware must have auditable, authentic, and up to date system and device firmware | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | SYSTEM AND SERVICES ACQUISITION |
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 4 L1 DB v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | CONFIGURATION MANAGEMENT |
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | CONFIGURATION MANAGEMENT |
1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.0.1 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
1.1.2 Ensure NGINX is installed from source | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
1.2 Ensure End of Life JUNOS Devices are not used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
1.2 Ensure the Image Profile VIB acceptance level is configured properly | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal | Unix | CONFIGURATION MANAGEMENT |
1.2 Ensure the Image Profile VIB acceptance level is configured properly | CIS VMware ESXi 6.7 v1.1.0 Level 1 Bare Metal | Unix | CONFIGURATION MANAGEMENT |
1.2.8 Ensure the version of the operating system is an active vendor supported release | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
1.3 Ensure no unauthorized kernel modules are loaded on the host | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal | Unix | CONFIGURATION MANAGEMENT |
2.1.6 Ensure the latest firmware is installed | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
2.11 Ensure EFI version is valid and being regularly checked - daemon | CIS Apple macOS 11 v1.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.11 Ensure EFI version is valid and being regularly checked - integrity-check | CIS Apple macOS 11 v1.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.1 Ensure the Latest Security Patches are Applied | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
4.1 Ensure the Latest Security Patches are Applied | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
4.2 Ensure device is not obviously jailbroken or compromised | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | SYSTEM AND SERVICES ACQUISITION |
4.2 Ensure device is not obviously jailbroken or compromised | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | SYSTEM AND SERVICES ACQUISITION |
5.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) | CIS Microsoft Azure Foundations v2.1.0 L2 | microsoft_azure | SYSTEM AND SERVICES ACQUISITION |
5.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 13.0 Ventura v2.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
5.9 Ensure Legacy EFI Is Valid and Updating - valid | CIS Apple macOS 13.0 Ventura v2.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
5.10.1 Ensure Kubernetes Web UI is Disabled | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | CONFIGURATION MANAGEMENT |
7.28 (L2) Virtual machines should have virtual machine hardware version 19 or newer | CIS VMware ESXi 8.0 v1.1.0 L2 | VMware | SYSTEM AND SERVICES ACQUISITION |
20.42 Ensure 'Operating System is maintained at a supported servicing level' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | SYSTEM AND SERVICES ACQUISITION |
20.42 Ensure 'Operating System is maintained at a supported servicing level' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | SYSTEM AND SERVICES ACQUISITION |