Item Search

NameAudit NamePluginCategory
1.1 Verify all application software is currentCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.1.3 Ensure 'Enable Log on High DP Load' is enabledCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

AUDIT AND ACCOUNTABILITY

1.2 Enable Auto UpdateCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.2.3 Ensure HTTP and Telnet options are disabled for the management interfaceCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

CONFIGURATION MANAGEMENT

1.2.5 Ensure valid certificate is set for browser-based administrator interfaceCIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.6.3 Ensure that the Certificate Securing Remote Access VPNs is ValidCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

CONFIGURATION MANAGEMENT

2.5 Ensure proper SNMP configuration - 'community name public does not exist'CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

2.6.6 Enable Location ServicesCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.7 Ensure remote access capabilities for the User-ID service account are forbidden.CIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1 Ensure a fully-synchronized High Availability peer is configuredCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.2 Configure persistent logging for all ESXi hostCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

AUDIT AND ACCOUNTABILITY

3.4 Enable remote logging for Desktops on trusted networksCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

4.2 Establish a password policy for password complexityCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

4.3 Use Active Directory for local user authentication - Enabled = 'true'CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

4.3 Use Active Directory for local user authentication - Review DomainCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

IDENTIFICATION AND AUTHENTICATION

4.5 Ensure Encryption of Data at Rest - enableEncryptionCIS MongoDB 5 L2 OS Linux v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1 Ensure that system activity is auditedCIS MongoDB 5 L1 OS Linux v1.2.0Unix

AUDIT AND ACCOUNTABILITY

5.1 Use secure RealmsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL

5.2 Ensure that audit filters are configured properlyCIS MongoDB 5 L2 OS Linux v1.2.0Unix

AUDIT AND ACCOUNTABILITY

5.3 Disable SSHCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

5.3 Ensure that logging captures as much information as possibleCIS MongoDB 5 L2 OS Linux v1.2.0Unix

AUDIT AND ACCOUNTABILITY

5.5 Ensure alerts are enabled for malicious files detected by WildFireCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.5 Ensure login keychain is locked when the computer sleepsCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

5.6 Enable OCSP and CRL certificate checking - OCSPStyleCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

5.9 Set DCUI.Access to allow trusted users to override lockdown modeCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

5.15 Disable Fast User SwitchingCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

ACCESS CONTROL

6.2 Ensure a secure antivirus profile is applied to all relevant security policiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threatsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in useCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.4 Zero out VMDK files prior to deletionCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

6.21 Ensure that 'Wildfire Inline ML' on antivirus profiles are set to enable for all file typesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

7.1 Application specific loggingCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.1 Ensure appropriate key file permissions are set - keyFileCIS MongoDB 5 L1 OS Linux v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.3 Ensure className is set correctly in context.xmlCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.4 Ensure that port groups are not configured to the value of the native VLANCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.1.1 Limit informational messages from the VM to the VMX fileCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

AUDIT AND ACCOUNTABILITY

8.3.4 Use templates to deploy VMs whenever possibleCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.4.4 Control VMsafe Agent ConfigurationCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND INFORMATION INTEGRITY

8.4.5 Disable AutologonCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

ACCESS CONTROL

8.4.7 Disable Guest Host Interaction Protocol HandlerCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.11 Disable Unity Push UpdateCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.17 Disable Guest Host Interaction Tray IconCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.26 Disable VM Console GUI OptionsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

8.6.1 Avoid using nonpersistent disksCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

AUDIT AND ACCOUNTABILITY

9.3 Disable deploy on startup of applicationsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT