Item Search

NameAudit NamePluginCategory
2.2.4 Ensure 'Maximum send size: Connector level' is set to '25'CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.11 Ensure AES 256/256 Cipher Suite is EnabledCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.4 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

18.9.11.2.11 (BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

CONFIGURATION MANAGEMENT

18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.18 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.18 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.21 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.2.21 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.18 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL, MEDIA PROTECTION

18.9.11.3.18 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

ACCESS CONTROL, MEDIA PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Enterprise v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.13 (L1) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.8 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 11 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.9 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.13 (L1) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

CNTR-R2-000140 The Kubernetes API server must have the insecure bind address not set.DISA Rancher Government Solutions RKE2 STIG v2r2Unix

ACCESS CONTROL