Item Search

Name	Audit Name	Plugin	Category
18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.1 (L1) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	IDENTIFICATION AND AUTHENTICATION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.5 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Accounts: Guest account status	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Audit Security State Change	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Create permanent shared objects	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Create Symbolic Links	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Default Protections for Popular Software - 7zFM	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Popular Software - RealConverter	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Popular Software - VLC	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Popular Software - WinRARGUI	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - Acrobat	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - AcrobatReader	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - InfoPath	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - Outlook	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - PowerPoint	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Default Protections for Recommended Software - Visio	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Deny log on as a batch job	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Deny log on locally	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Devices: Allowed to format and eject removable media	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	MEDIA PROTECTION
Devices: Prevent users from installing printer drivers	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Domain member: Maximum machine account password age	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Force specific screen saver	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL, CONFIGURATION MANAGEMENT
Generate security audits	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Interactive logon: Do not require CTRL+ALT+DEL	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Interactive logon: Machine account lockout threshold	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Interactive logon: Number of previous logons to cache (in case domain controller is not available)	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Interactive logon: Prompt user to change password before expiration	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Maximum password age	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Network access: Allow anonymous SID/Name translation	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Network access: Sharing and security model for local accounts	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
Network security: Do not store LAN Manager hash value on next password change	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Profile system performance	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
Shutdown: Allow system to be shut down without having to log on	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	ACCESS CONTROL
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
System SEHOP	MSCT Windows Server 2012 R2 MS v1.0.0	Windows	CONFIGURATION MANAGEMENT
WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.	DISA Windows Server 2012 and 2012 R2 DC STIG v3r7	Windows	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search