Item Search

NameAudit NamePluginCategory
2.2.2 Ensure 'Maximum send size: Organization level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.5 Ensure 'Maximum receive size: Connector level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, CONTINGENCY PLANNING

18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.39.2 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L2Windows

CONFIGURATION MANAGEMENT

18.9.59.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (L1) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

20.68 Ensure 'Unified Extensible Firmware Interface (UEFI) firmware must be configured and run in UEFI mode, not Legacy BIOS' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT