Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmodCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.13 Ensure nodev option set on /var/tmp partitionCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure nodev option set on removable media partitionsCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2.13 Ensure that the admission control plugin NamespaceLifecycle is setCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure bootloader password is setCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure core dumps are restricted - systemd-coredump StorageCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restrictedCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.2 Ensure local login warning banner is configured properly - banner textCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.4 Ensure remote login warning banner is configured properly - mrsvCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.1.1 Ensure message of the day is configured properlyCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.1.3 Ensure remote login warning banner is configured properlyCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.3 Ensure last logged in user display is disabled - disable user listCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.3 Ensure last logged in user display is disabled - file-dbCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.3 Ensure last logged in user display is disabled - system-db:gdmCIS Red Hat 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.2 Ensure requests for unknown host names are rejectedCIS NGINX Benchmark v2.1.0 L1 ProxyUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.15 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databasesCIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDSMS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure IP forwarding is disabledCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.3 Ensure secure ICMP redirects are not acceptedCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.5 Ensure broadcast ICMP requests are ignoredCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.9 Ensure IPv6 router advertisements are not acceptedCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.1.2 Ensure password expiration is 365 days or lessCIS Rocky Linux 8 Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.1.3 Ensure password expiration warning days is 7 or moreCIS Rocky Linux 8 Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.2.1 Ensure default group for the root account is GID 0CIS Rocky Linux 8 Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.2.1 Ensure default group for the root account is GID 0CIS Rocky Linux 8 Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.2.1 Ensure default group for the root account is GID 0CIS Oracle Linux 8 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.1 Ensure sudo is installedCIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit toolsCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.8 Ensure SSH IgnoreRhosts is enabledCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.18 Ensure SSH warning banner is configuredCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.2.2 Ensure pam_faillock module is enabledCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.2.2 Ensure pam_faillock module is enabledCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.16 Ensure only strong Key Exchange algorithms are used - sshd_configCIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.20 Ensure SSH PAM is enabled - sshd_configCIS Red Hat 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.23 Ensure SSH MaxSessions is limited - sshd_configCIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.1.3 Ensure password expiration warning days is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.1.3 Ensure password expiration warning days is configuredCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadowCIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.1.10 Ensure no ungrouped files or directories existCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2 Set EEPROM Security Mode and Log Failed Access (SPARC)CIS Oracle Solaris 11.4 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.9 Ensure no users have .forward filesCIS SUSE Linux Enterprise 15 Server L1 v1.1.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.20 Ensure shadow group is empty - /etc/passwdCIS Red Hat 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.15 Secure the GRUB Menu (Intel)CIS Oracle Solaris 11.4 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.1 Create Warnings for Standard Login ServicesCIS Oracle Solaris 11.4 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.3.2 (L1) Ensure use of the VM console is limitedCIS VMware ESXi 7.0 v1.4.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.5 Check that the Banner Setting for telnet is NullCIS Oracle Solaris 11.4 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.6.3 (L1) Ensure virtual disk wiping is disabledCIS VMware ESXi 7.0 v1.4.0 L1VMware

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.5.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.9.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION