Item Search

Name	Audit Name	Plugin	Category
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'	CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
1.18 Set 'Maximum receive size - connector level' to '10240'	CIS Microsoft Exchange Server 2013 Hub v1.1.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only)	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	ACCESS CONTROL
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	CONFIGURATION MANAGEMENT
7.10 Ensure RC4 Cipher Suites is disabled - RC4 56/128	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.10 Ensure RC4 Cipher Suites is disabled - RC4 128/128	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
7.13 Ensure AES 256/256 Cipher Suite is enabled - Enabled	CIS IIS 7 L1 v1.8.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	CIS Windows 7 Workstation Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.59.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.4 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 11 Stand-alone v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS	Windows	SYSTEM AND INFORMATION INTEGRITY
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS	Windows	SYSTEM AND INFORMATION INTEGRITY
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS	Windows	SYSTEM AND INFORMATION INTEGRITY
20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC	Windows	SYSTEM AND INFORMATION INTEGRITY
CNTR-R2-000120 - The Kubernetes API server must have the insecure port flag disabled.	DISA Rancher Government Solutions RKE2 STIG v2r3	Unix	ACCESS CONTROL
Turn on Windows Defender protection against Potentially Unwanted Applications	MSCT Windows 10 1803 v1.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
User Account Control: Admin Approval Mode for the Built-in Administrator account	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
User Account Control: Only elevate UIAccess applications that are installed in secure locations	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
User Account Control: Run all administrators in Admin Approval Mode	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Windows Firewall: Prohibit notifications	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	CONFIGURATION MANAGEMENT
WN12-CC-000139 - Windows 2012 R2 must include command line data in process creation events.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	AUDIT AND ACCOUNTABILITY
WN12-SO-000042 - IPSec Exemptions must be limited.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search