Item Search

NameAudit NamePluginCategory
1.1.1.1 TACACS+CIS Cisco IOS XR 7.x v1.0.0 L2Cisco

ACCESS CONTROL

1.1.1.2 RADIUSCIS Cisco IOS XR 7.x v1.0.0 L2Cisco

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

1.4.2 Enable 'service password-encryption'CIS Cisco IOS 15 L1 v4.1.1Cisco

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.1.3 Configure EIGRP log-adjacency-changesCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

4.7.1 Ensure authentication is set to MD5CIS Juniper OS Benchmark v2.1.0 L1Juniper

IDENTIFICATION AND AUTHENTICATION

5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switchesCIS VMware ESXi 8.0 v1.2.0 L1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systemsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number.DISA Cisco IOS Router NDM STIG v3r4Cisco

ACCESS CONTROL

CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions.DISA Cisco IOS Router NDM STIG v3r4Cisco

ACCESS CONTROL

CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred.DISA Cisco IOS Router NDM STIG v3r4Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred.DISA Cisco IOS Router NDM STIG v3r4Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion.DISA Cisco IOS Router NDM STIG v3r4Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.DISA Cisco IOS Router NDM STIG v3r4Cisco

MAINTENANCE

CISC-ND-001220 - The Cisco router must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.DISA Cisco IOS Router NDM STIG v3r4Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.DISA Cisco IOS Router NDM STIG v3r4Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000180 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network.DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes.DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.DISA Cisco IOS Router RTR STIG v3r3Cisco

CONTINGENCY PLANNING

CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.DISA Cisco IOS Router RTR STIG v3r3Cisco

CONTINGENCY PLANNING

CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).DISA Cisco IOS Router RTR STIG v3r3Cisco

CONTINGENCY PLANNING

CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.DISA Cisco IOS Router RTR STIG v3r3Cisco

CONTINGENCY PLANNING

CISC-RT-000740 - The Cisco PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.DISA Cisco IOS Router RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000910 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets.DISA Cisco IOS Router RTR STIG v3r3Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources.DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups.DISA Cisco IOS Router RTR STIG v3r3Cisco

ACCESS CONTROL

DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit'DISA STIG Oracle 11 Instance v9r1 DatabaseOracleDB
IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones.DISA IIS 8.5 Server v2r7Windows

ACCESS CONTROL

JUSX-AG-000126 - The Juniper SRX Services Gateway Firewall must only allow inbound communications from organization-defined authorized sources routed to organization-defined authorized destinations.DISA Juniper SRX Services Gateway ALG v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Physical Security - Diagnostic Ports - Password protect Diagnostic ports - diag-portJuniper Hardening JunOS 12 Devices ChecklistJuniper

IDENTIFICATION AND AUTHENTICATION

SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH.DISA SLES 12 STIG v3r2Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-16-010080 - The Ubuntu operating system must prevent direct login into the root account.DISA STIG Ubuntu 16.04 LTS v2r3Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010036 - The Ubuntu operating system must prevent direct login into the root account.DISA STIG Ubuntu 18.04 LTS v2r15Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-24-400110 - Ubuntu 24.04 LTS must prevent direct login to the root account.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION