Item Search

NameAudit NamePluginCategory
2.2.8 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL

2.2.9 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only) - Administrators, Remote Desktop UsersCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL

2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL

2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

6.1 Ensure Database and Application User Input is SanitizedCIS SQL Server 2008 R2 DB Engine L1 v1.7.0MS_SQLDB

SYSTEM AND INFORMATION INTEGRITY

7.10 Ensure RC4 Cipher Suites is disabled - RC4 40/128CIS IIS 7 L1 v1.8.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

7.13 Ensure AES 256/256 Cipher Suite is enabledCIS IIS 8.0 v1.5.1 Level 1Windows
7.13 Ensure AES 256/256 Cipher Suite is enabled - EnabledCIS IIS 8.0 v1.5.1 Level 1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.6.8.7 (L1) Ensure 'Require Encryption' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.7 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.39.2 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L2 BitlockerWindows

CONFIGURATION MANAGEMENT

18.9.59.3.2.1 Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'CIS Windows 7 Workstation Level 2 v3.2.0Windows

CONFIGURATION MANAGEMENT

18.9.59.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.9.65.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.16 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLockerWindows

IDENTIFICATION AND AUTHENTICATION

18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Windows Server 2012 MS L1 v3.0.0Windows

ACCESS CONTROL

19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Windows Server 2012 R2 DC L1 v3.0.0Windows

ACCESS CONTROL

19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL

19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1Windows

ACCESS CONTROL

20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

JBOS-AS-000080 - The JBoss server must generate log records for access and authentication events to the management interface.DISA JBoss EAP 6.3 STIG v2r5Unix

AUDIT AND ACCOUNTABILITY