Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.2 (L1) Host hardware must enable UEFI Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure Password Complexity is set to 3 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.5 (L1) Host integrated hardware management controller must be secure | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 (L1) Host must have reliable time synchronization sources | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 3.7 (L1) Host must automatically terminate idle DCUI sessions | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL |
| 3.12 (L1) Host must lock an account after a specified number of failed login attempts | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL |
| 4.3 (L1) Host must log sufficient information for events | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 4.9 (L1) Host must transmit audit records to a remote log collector | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 5.2 (L1) Host must block network traffic by default | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.7 (L1) Host should reject MAC address changes on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.11 (L1) Virtual machines must remove unnecessary AHCI devices | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT |
| 7.18 (L1) Virtual machines must deactivate console copy operations | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT |
| 7.20 (L1) Virtual machines must limit access through the "dvfilter" network API | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.21 (L1) Virtual machines must deactivate virtual disk shrinking operations | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.22 (L1) Virtual machines must deactivate virtual disk wiping operations | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.26 (L1) Virtual machines must limit the number of retained diagnostic logs | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 7.28 (L1) Virtual machines must limit informational messages from the virtual machine to the VMX file | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.5 (L1) VMware Tools must limit the automatic addition of features | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.12 Do not allow symbolic linking | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.13 Do not run applications as privileged | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.10.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.4 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.4 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.4 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Stand-alone v5.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.12 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |