Item Search

NameAudit NamePluginCategory
1.2.5 Ensure valid certificate is set for browser-based administrator interfaceCIS Palo Alto Firewall 11 v1.1.0 L2Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.1 Ensure 'V3' is selected for SNMP pollingCIS Palo Alto Firewall 11 v1.1.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2019 v3.0.1 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.20 Ensure 'Allow Web Authentication requests on sites with broken TLS certificates' Is DisabledCIS Google Chrome L1 v3.0.0Windows

ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.22 Ensure 'Enable TLS Encrypted ClientHello' Is EnabledCIS Google Chrome L1 v3.0.0Windows

ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.29 Ensure 'Insecure Hashes in TLS Handshakes Enabled' Is DisabledCIS Google Chrome L1 v3.0.0Windows

ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.14 Ensure only strong MAC algorithms are usedCIS Debian 10 Workstation L1 v2.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.14 Ensure sshd MACs are configuredCIS AlmaLinux OS 8 Server L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.14 Ensure sshd MACs are configuredCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.14 Ensure sshd MACs are configuredCIS Oracle Linux 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.15 Ensure sshd MACs are configuredCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.15 Ensure sshd MACs are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Federal Information Processing Standard (FIPS) is enabledCIS MongoDB 7 v1.1.0 L2 MongoDBUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Federal Information Processing Standard (FIPS) is enabledCIS MongoDB 7 v1.1.0 L2 MongoDBWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.7 Ensure 'Controls the mode of DNS-over-HTTPS' is set to 'Enabled: DNS-over-HTTPS without insecure fallback'CIS Google Chrome L2 v3.0.0Windows

ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure sshd MACs are configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.15 Ensure sshd MACs are configuredCIS Debian Linux 12 v1.1.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.15 Ensure sshd MACs are configuredCIS Ubuntu Linux 22.04 LTS v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.15 Ensure sshd MACs are configuredCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.13 Ensure only strong ciphers are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.15 Ensure only strong Key Exchange algorithms are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.15 Ensure only strong Key Exchange algorithms are usedCIS Debian 8 Server L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.1 Ensure modern authentication for Exchange Online is enabledCIS Microsoft 365 Foundations E3 L1 v3.1.0microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure All Web Content is Accessed via HTTPSCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are EnabledCIS Apache HTTP Server 2.4 L2 v2.1.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid CategoriesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.3 Ensure 'FTP State' is set to 'FTPS Only' or 'Disabled'CIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions.DISA STIG VMware vSphere 6.x ESXi OS v1r5Unix

ACCESS CONTROL