Item Search

NameAudit NamePluginCategory
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

18.3.3 Ensure 'Configure SMB v1 server' is set to 'Disabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

CONFIGURATION MANAGEMENT, RISK ASSESSMENT

18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

Access this computer from the networkMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Account lockout durationMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Account lockout thresholdMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Adjust memory quotas for a processMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Allow log on locallyMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Always install with elevated privilegesMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Apply UAC restrictions to local accounts on network logonMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Audit Authentication Policy ChangeMSCT Windows Server 2012 R2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Computer Account ManagementMSCT Windows Server 2012 R2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit IPSec DriverMSCT Windows Server 2012 R2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Other System EventsMSCT Windows Server 2012 R2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows Server 2012 R2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Shutdown: Clear virtual memory pagefileMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

System DEPMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

User Account Control: Admin Approval Mode for the Built-in Administrator accountMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Only elevate UIAccess applications that are installed in secure locationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Run all administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Windows Firewall: Prohibit notificationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-CC-000139 - Windows 2012 R2 must include command line data in process creation events.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY