1.1.1.3 Configure AAA Authentication - RADIUS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
1.1.4.1.4 Ensure 'Disable user name and password' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
1.1.4.1.6 Ensure 'Local Machine Zone Lockdown Security' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
1.1.4.1.13 Ensure 'Saved from URL' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set to less than 10 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.6 Set the Maximum Number of VTY Sessions | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.7 Disable the Telnet Feature | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.4.3 Set password lifetime, warning time and grace time for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
1.5.1 Ensure Syslog Logging is configured | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
1.5.2 Log all Successful and Failed Administrative Logins | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
1.6.1 Configure at least 2 external NTP Servers | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
2.1 Ensure Authentication is configured | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1.1.3.2.1.1 Ensure 'Allow Trusted Locations on the network' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
2.1.4.1 Ensure 'Default file format' is set to 'Enabled: Access 2007' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
2.1.5.1 Ensure 'Modal Trust Decision Only' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
2.2 Alter the Advertised server.number String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.4.7.2.1.2 Ensure 'Don't allow Dynamic Data Exchange (DDE) server launch in Excel' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
2.2.4.7.2.2.1 Ensure 'dBase III /IV files' is set to 'Enable: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.2.4.7.2.10 Ensure 'Prevent Excel from running XLM macros' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
2.2.4.7.2.12 Ensure 'Store macro in Personal Macro Workbook by default' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.11.8.3.1 Ensure 'Hidden text' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
2.11.8.7.2.1.1 Ensure 'Set default file block behavior' is set to 'Enabled: Blocked files are not opened' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.11.8.7.2.1.5 Ensure 'Word 2007 and later binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.11.8.7.2.1.6 Ensure 'Word 6.0 binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.11.8.7.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
2.11.8.7.2.8 Ensure 'Scan encrypted macros in Word Open XML Documents' to 'Enabled: Scan encrypted macros (default)' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
3.1.1.3 Configure EIGRP log-adjacency-changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2.2 If Possible, Limit the BGP Routes Accepted from Peers | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.2 Configure Storm Control | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
3.5 Review Superuser/Admin Roles | CIS MongoDB 6 v1.2.0 L2 MongoDB | MongoDB | ACCESS CONTROL |
3.5 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
3.5.1 Basic Fiber Channel Configuration | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.4 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.5 Ensure Encryption of Data at Rest | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Ensure appropriate database file permissions are set. | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | ACCESS CONTROL |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
10.3 Restrict manager application | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL |
10.9 Configure connectionTimeout | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |