Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Remove extraneous files and directories - /webapps/docsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.2 Configure the ESXi host firewall to restrict access to services running on the hostCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

2.2 Ensure that MongoDB does not bypass authentication via the localhost exceptionCIS MongoDB 5 L1 OS Linux v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

2.3 Ensure authentication is enabled in the sharded cluster - CAFileCIS MongoDB 5 L2 OS Linux v1.2.0Unix

CONFIGURATION MANAGEMENT

2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFileCIS MongoDB 5 L2 OS Linux v1.2.0Unix

CONFIGURATION MANAGEMENT

2.6 Prevent unintended use of dvfilter network APIsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

2.7 Remove expired or revoked SSL certificates from the ESXi serverCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
2.7.3 iCloud DriveCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix
3.2 Disable the Shutdown portCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Configure remote logging for ESXi hostsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

AUDIT AND ACCOUNTABILITY

3.3 Ensure that MongoDB is run using a non-privileged, dedicated service accountCIS MongoDB 5 L1 OS Linux v1.2.0Unix

ACCESS CONTROL

4.1 Create a non-root user account for local admin accessCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

5.2 Disable ESXi Shell unless needed for diagnostics or troubleshootingCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

5.8 Set a timeout for Shell ServicesCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

6.1 Enable bidirectional CHAP authentication for iSCSI traffic.CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

6.2 Ensure uniqueness of CHAP authentication secretsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.3 Ensure that the vSwitch Promiscuous Mode policy is set to rejectCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure directory in context.xml is a secure location - configurationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2.3 Disconnect unauthorized devices - Parallel DevicesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.2.5 Disconnect unauthorized devices - USB DevicesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

MEDIA PROTECTION

8.2.7 Prevent unauthorized connection of devices.CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

8.3.3 Use secure protocols for virtual serial port accessCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.4.16 Disable Trash Folder StateCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.20 Disable GetCredsCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.22 Disable Guest Host Interaction Launch MenuCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.23 Disable memSchedFakeSampleStatsCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.24 Disable VM Console Copy operationsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

8.5.1 Prevent virtual machines from taking over resources - Mem Share LevelCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

SYSTEM AND COMMUNICATIONS PROTECTION

8.5.1 Prevent virtual machines from taking over resources - Num Mem SharesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Starting Tomcat with Security ManagerCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

9.2 Disabling auto deployment of applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

10.15 Do not resolve hosts on logging valvesCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

SYSTEM AND INFORMATION INTEGRITY

10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

18.10.9.3.15 (L1) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

MEDIA PROTECTION

18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

MEDIA PROTECTION

18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

MEDIA PROTECTION

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v4.0.0 BLWindows

MEDIA PROTECTION

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

MEDIA PROTECTION

18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

MEDIA PROTECTION

18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows Server 2019 v4.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Windows Server 2012 R2 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT