Item Search

NameAudit NamePluginCategory
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

1.18 Set 'Maximum receive size - connector level' to '10240'CIS Microsoft Exchange Server 2013 Hub v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

7.10 Ensure RC4 Cipher Suites is disabled - RC4 56/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure RC4 Cipher Suites is disabled - RC4 128/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.13 Ensure AES 256/256 Cipher Suite is enabled - EnabledCIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2022 v4.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.59.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.4 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Stand-alone v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

CNTR-R2-000120 - The Kubernetes API server must have the insecure port flag disabled.DISA Rancher Government Solutions RKE2 STIG v2r3Unix

ACCESS CONTROL

Turn on Windows Defender protection against Potentially Unwanted ApplicationsMSCT Windows 10 1803 v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

User Account Control: Admin Approval Mode for the Built-in Administrator accountMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Only elevate UIAccess applications that are installed in secure locationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

User Account Control: Run all administrators in Admin Approval ModeMSCT Windows Server 2012 R2 MS v1.0.0Windows

ACCESS CONTROL

Windows Firewall: Prohibit notificationsMSCT Windows Server 2012 R2 MS v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000139 - Windows 2012 R2 must include command line data in process creation events.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-SO-000042 - IPSec Exemptions must be limited.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT