Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 1.5.1 Ensure 'V3' is selected for SNMP polling | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Enabling Post-Quantum (PQ) on IKEv2 VPNs | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure proper SNMP configuration - 'community name private does not exist' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 2.7 Remove expired or revoked SSL certificates from the ESXi server | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 2.8 (L1) Host must require TPM-based configuration encryption | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 3.1 Configure a centralized location to collect ESXi host core dumps | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 3.2 Configure persistent logging for all ESXi host | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.3 (L1) Host must deactivate the ESXi Managed Object Browser (MOB) | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.8 (L1) Host must automatically terminate idle shells | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL |
| 3.10 (L1) Host must not suppress warnings that the shell is enabled | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 3.13 (L1) Host must unlock accounts after a specified timeout period | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL |
| 3.15 (L1) Host must be configured with an appropriate maximum password age | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | IDENTIFICATION AND AUTHENTICATION |
| 3.25 (L1) Host must display a login banner for SSH connections | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.26 (L1) Host must enable the highest version of TLS supported | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Create a non-root user account for local admin access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 (L1) Host must set the logging informational level to info | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 5.1 (L1) Host firewall must only allow traffic from authorized networks | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 (L1) Host must restrict use of the dvFilter network API | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 Enable lockdown mode to restrict remote access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 5.6 (L1) Host should reject forged transmits on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 (L1) Host should reject promiscuous mode requests on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 (L1) Host must restrict access to a default or native VLAN on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure that antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT |
| 6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure that the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure that port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 7.6 Ensure that port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.3.3 Use secure protocols for virtual serial port access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.2 Control VMsafe Agent Address | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.8 Disable Unity Taskbar | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Disable Unity Window Contents | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.12 Disable Drag and Drop Version Get | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.15 Disable Request Disk Topology | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.17 Disable Guest Host Interaction Tray Icon | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Disable GetCreds | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.27 Disable VM Console Paste operations | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.1 Prevent virtual machines from taking over resources - CPU Share Level | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.5.1 Prevent virtual machines from taking over resources - Num Mem Shares | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.7.1 Disable VIX messages from the VM | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.7.3 Do not send host information to guests | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |