Item Search

NameAudit NamePluginCategory
1.1.1.3 Configure AAA Authentication - RADIUS if applicableCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL

1.1.4.1.4 Ensure 'Disable user name and password' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.6 Ensure 'Local Machine Zone Lockdown Security' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.13 Ensure 'Saved from URL' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set to less than 10CIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

1.2.6 Set the Maximum Number of VTY SessionsCIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

1.2.7 Disable the Telnet FeatureCIS Cisco NX-OS v1.2.0 L1Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

1.4.3 Set password lifetime, warning time and grace time for local credentialsCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.5.1 Ensure Syslog Logging is configuredCIS Cisco NX-OS v1.2.0 L2Cisco

AUDIT AND ACCOUNTABILITY

1.5.2 Log all Successful and Failed Administrative LoginsCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.6.1 Configure at least 2 external NTP ServersCIS Cisco NX-OS v1.2.0 L1Cisco

AUDIT AND ACCOUNTABILITY

2.1 Ensure Authentication is configuredCIS MongoDB 6 v1.2.0 L1 MongoDBUnix

IDENTIFICATION AND AUTHENTICATION

2.1.1.3.2.1.1 Ensure 'Allow Trusted Locations on the network' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.1.4.1 Ensure 'Default file format' is set to 'Enabled: Access 2007'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.1.5.1 Ensure 'Modal Trust Decision Only' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.2 Alter the Advertised server.number StringCIS Apache Tomcat 9 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.2.4.7.2.1.2 Ensure 'Don't allow Dynamic Data Exchange (DDE) server launch in Excel' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.4.7.2.2.1 Ensure 'dBase III /IV files' is set to 'Enable: Open/Save blocked, use open policy'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.2.4.7.2.10 Ensure 'Prevent Excel from running XLM macros' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.2.4.7.2.12 Ensure 'Store macro in Personal Macro Workbook by default' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all ConnectorsCIS Apache Tomcat 9 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.11.8.3.1 Ensure 'Hidden text' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

2.11.8.7.2.1.1 Ensure 'Set default file block behavior' is set to 'Enabled: Blocked files are not opened'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.11.8.7.2.1.5 Ensure 'Word 2007 and later binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.11.8.7.2.1.6 Ensure 'Word 6.0 binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.11.8.7.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.11.8.7.2.8 Ensure 'Scan encrypted macros in Word Open XML Documents' to 'Enabled: Scan encrypted macros (default)'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

3.1.1.3 Configure EIGRP log-adjacency-changesCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2.2 If Possible, Limit the BGP Routes Accepted from PeersCIS Cisco NX-OS v1.2.0 L2Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2.3 Configure BGP AuthenticationCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3.2 Authenticate OSPF peers with MD5 authentication keysCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown portCIS Apache Tomcat 9 L2 v1.2.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.4 Disable IP Directed Broadcasts on all Layer 3 InterfacesCIS Cisco NX-OS v1.2.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Configure Storm ControlCIS Cisco NX-OS v1.2.0 L2Cisco

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privilegesCIS MongoDB 6 v1.2.0 L1 MongoDBMongoDB

ACCESS CONTROL

3.5 Review Superuser/Admin RolesCIS MongoDB 6 v1.2.0 L2 MongoDBMongoDB

ACCESS CONTROL

3.5 Review Superuser/Admin Roles - userAdminAnyDatabaseCIS MongoDB 5 L2 DB v1.2.0MongoDB

ACCESS CONTROL

3.5.1 Basic Fiber Channel ConfigurationCIS Cisco NX-OS v1.2.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption)CIS MongoDB 6 v1.2.0 L1 MongoDBUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Federal Information Processing Standard (FIPS) is enabledCIS MongoDB 6 v1.2.0 L2 MongoDBUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure Encryption of Data at RestCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

4.9 Restrict access to Tomcat catalina.policyCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to trueCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.2 Ensure that operating system resource limits are set for MongoDBCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure appropriate database file permissions are set.CIS MongoDB 6 v1.2.0 L1 MongoDBUnix

ACCESS CONTROL

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

8.1 Restrict runtime access to sensitive packagesCIS Apache Tomcat 9 L1 v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

10.3 Restrict manager applicationCIS Apache Tomcat 9 L2 v1.2.0Unix

ACCESS CONTROL

10.9 Configure connectionTimeoutCIS Apache Tomcat 9 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

10.10 Configure maxHttpHeaderSizeCIS Apache Tomcat 9 L2 v1.2.0Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION