Item Search

NameAudit NamePluginCategory
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

7.10 Ensure RC4 Cipher Suites is disabled - RC4 56/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure RC4 Cipher Suites is disabled - RC4 128/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.13 Ensure AES 256/256 Cipher Suite is enabled - EnabledCIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

Interactive logon: Do not display last user nameMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

Load and unload device driversMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Microsoft network client: Digitally sign communications (if server agrees)MSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPasswordMSCT Windows Server 2012 R2 MS v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Microsoft network server: Digitally sign communications (if client agrees)MSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Minimum password ageMSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Network access: Remotely accessible registry paths and subpathsMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Network security: LDAP client signing requirementsMSCT Windows Server 2012 R2 MS v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Prevent enabling lock screen slide showMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

Recovery console: Allow automatic administrative logonMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Shutdown: Clear virtual memory pagefileMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

System DEPMSCT Windows Server 2012 R2 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

User Account Control: Admin Approval Mode for the Built-in Administrator accountMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Only elevate UIAccess applications that are installed in secure locationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Run all administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Windows Firewall: Prohibit notificationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT