Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.2 (L1) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

IDENTIFICATION AND AUTHENTICATION

1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

1.4 Harden the container hostCIS Docker 1.6 v1.0.0 L1 LinuxUnix

CONFIGURATION MANAGEMENT

2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

2.2.8 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.22 (L1) Ensure 'Deny log on as a service' to include 'Guests'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.30 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

2.2.33 (L1) Ensure 'Lock pages in memory' is set to 'No One'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

2.3.5.2 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.10.11 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, MEDIA PROTECTION

2.3.10.12 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only)CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NGWindows

CONFIGURATION MANAGEMENT

5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NGWindows

CONFIGURATION MANAGEMENT

17.1.2 (L1) Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.1.3 (L1) Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

17.2.5 (L1) Ensure 'Audit Security Group Management' is set to include 'Success'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.3.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.3.3 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.3.7 (L1) Ensure 'Limits print driver installation to Administrators' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.5.4.2 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows 10 Enterprise v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.8.7.1 (L1) Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

MEDIA PROTECTION

18.8.36.1 (L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.25.3 (L1) Ensure 'Default Protections for Internet Explorer' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.25.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.27.1.1 (L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.1.2 (L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.2.1 (L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.2.2 (L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.27.3.1 (L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.65.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.66.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.100.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

18.9.102.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.102.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.108.2.1 (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.108.2.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

19.7.4.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

19.7.28.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, MEDIA PROTECTION

19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

81.37 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled'CIS Microsoft Intune for Windows 11 v4.0.0 L2Windows

CONFIGURATION MANAGEMENT