Item Search

Name	Audit Name	Plugin	Category
1.1 Remove extraneous files and directories - /webapps/docs	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
2.2 Configure the ESXi host firewall to restrict access to services running on the host	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
2.2.29 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only)	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	ACCESS CONTROL
2.6 Prevent unintended use of dvfilter network APIs	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
2.7 Remove expired or revoked SSL certificates from the ESXi server	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
3.1 Ensure detailed logging is enabled	CIS NGINX Benchmark v2.1.0 L1 Proxy	Unix	AUDIT AND ACCOUNTABILITY
3.2 Disable the Shutdown port	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
3.3 Configure remote logging for ESXi hosts	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	AUDIT AND ACCOUNTABILITY
4.1 Create a non-root user account for local admin access	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
4.7 Restrict access to Tomcat web application directory	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
5.2 Disable ESXi Shell unless needed for diagnostics or troubleshooting	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
5.8 Set a timeout for Shell Services	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
6.1 Enable bidirectional CHAP authentication for iSCSI traffic.	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	IDENTIFICATION AND AUTHENTICATION
6.2 Ensure uniqueness of CHAP authentication secrets	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
7.3 Ensure that the vSwitch Promiscuous Mode policy is set to reject	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	SYSTEM AND COMMUNICATIONS PROTECTION
7.4 Ensure directory in context.xml is a secure location - configuration	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
8.2.3 Disconnect unauthorized devices - Parallel Devices	CIS VMware ESXi 5.5 v1.2.0 Level 2	VMware	CONFIGURATION MANAGEMENT
8.2.7 Prevent unauthorized connection of devices.	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	ACCESS CONTROL
8.3.3 Use secure protocols for virtual serial port access	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware
8.4.24 Disable VM Console Copy operations	CIS VMware ESXi 5.5 v1.2.0 Level 1	VMware	CONFIGURATION MANAGEMENT
9.1 Starting Tomcat with Security Manager	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
9.2 Disabling auto deployment of applications	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	CONFIGURATION MANAGEMENT
10.15 Do not resolve hosts on logging valves	CIS Apache Tomcat 9 L2 v1.2.0 Middleware	Unix	SYSTEM AND INFORMATION INTEGRITY
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml	CIS Apache Tomcat 9 L1 v1.2.0 Middleware	Unix	AUDIT AND ACCOUNTABILITY
17.7.3 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	AUDIT AND ACCOUNTABILITY
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 11 Enterprise v4.0.0 L2	Windows	CONFIGURATION MANAGEMENT
18.10.9.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.1.11 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	ACCESS CONTROL
18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	ACCESS CONTROL
18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	ACCESS CONTROL
18.10.9.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG	Windows	MEDIA PROTECTION
18.10.9.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	MEDIA PROTECTION
18.10.9.3.3 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.10.9.3.11 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG	Windows	CONFIGURATION MANAGEMENT
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search