Item Search

NameAudit NamePluginCategory
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configuredCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

2.1.1 Disable Bluetooth, if no paired devices existCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix
2.2.3 Restrict NTP server to loopback interfaceCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanismsCIS MongoDB 5 L2 OS Linux v1.2.0Unix

CONFIGURATION MANAGEMENT

2.3 Ensure authentication is enabled in the sharded cluster - clusterFileCIS MongoDB 5 L2 OS Linux v1.2.0Unix

CONFIGURATION MANAGEMENT

2.3.2 Secure screen saver corners - bottom right cornerCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

ACCESS CONTROL

2.3.2 Secure screen saver corners - top right cornerCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

ACCESS CONTROL

2.3.4 Set a screen corner to Start Screen SaverCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

2.4.2 Disable Internet SharingCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.4.8 Disable File Sharing - AppleFileServerCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.5.1 Disable 'Wake for network access'CIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

ACCESS CONTROL

2.5.2 Disable sleeping the computer when connected to powerCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

ACCESS CONTROL

2.6 Ensure that the User-ID service account does not have interactive logon rightsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL

2.8.1 Time Machine Auto-BackupCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix

CONTINGENCY PLANNING

2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

2.10 Enable Secure Keyboard Entry in terminal.appCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriatelyCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

3.5 Retain install.log for 365 or more daysCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

AUDIT AND ACCOUNTABILITY

4.1 Ensure legacy TLS protocols are disabledCIS MongoDB 5 L2 OS Linux v1.2.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.2 Enable 'Show Wi-Fi status in menu bar'CIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

4.2 Ensure Weak Protocols are DisabledCIS MongoDB 5 L1 OS Linux v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure Encryption of Data at Rest - encryptionKeyFileCIS MongoDB 5 L2 OS Linux v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure ftp server is not runningCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

5.2.1 Configure account lockout thresholdCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

ACCESS CONTROL

5.2.5 Complex passwords must contain a Special CharacterCIS Apple OSX 10.10 Yosemite L1 v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3 Ensure forwarding of decrypted content to WildFire is enabledCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 5 L2 OS Linux v1.2.0Unix

AUDIT AND ACCOUNTABILITY

5.17 Create specialized keychains for different purposesCIS Apple OSX 10.10 Yosemite L2 v1.2.0Unix
6.2 Ensure that operating system resource limits are set for MongoDBCIS MongoDB 5 L2 OS Linux v1.2.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the InternetCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilitiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing trafficCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zonesCIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packetsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

RISK ASSESSMENT

6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is availableCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.2.0 L2Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.1 Ensure appropriate key file permissions are set - CAFileCIS MongoDB 5 L1 OS Linux v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

7.2 Ensure appropriate database file permissions are setCIS MongoDB 5 L1 OS Linux v1.2.0Unix

ACCESS CONTROL

7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources ExistsCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.4 Ensure that logging is enabled on built-in default security policiesCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

SYSTEM AND INFORMATION INTEGRITY

8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSCIS Palo Alto Firewall 10 v1.2.0 L1Palo_Alto

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2.1 Disconnect unauthorized devices - Floppy DevicesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

MEDIA PROTECTION

8.4.14 Disable Shell ActionCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.18 Disable UnityCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT