1.1 Remove extraneous files and directories - /webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.2 Enable 'Show Wi-Fi status in menu bar' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
4.5 Ensure ftp server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.1 Configure account lockout threshold | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.6 Complex passwords must contain uppercase and lowercase letters | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
5.2.8 Password History | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.7 Do not enable the 'root' account | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.36 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
5.37 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
6.1.2 Disable 'Show password hints' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
6.1.4 Disable 'Allow guests to connect to shared folders' - SMB Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
9.2 Disabling auto deployment of applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | ACCESS CONTROL |
18.10.10.2.11 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | ACCESS CONTROL |
18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
CIS Control 12 (12.4(b)) Deny Communications Over Unauthorized Ports | CAS Implementation Group 1 Audit File | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
CIS Control 13 (13.1) Maintain an Inventory of Sensitive Information | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | |
CIS_Microsoft_Exchange_Server_2016_Level_1_Hub_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
CIS_Microsoft_Office_Access_2013_v1.0.1_Level_1.audit from CIS Microsoft Office Access 2013 Benchmark v1.0.1 | CIS Microsoft Office Access 2013 v1.0.1 | Windows | |
CIS_Microsoft_Office_Access_2016_v1.0.1_Level_1.audit from CIS Microsoft Office Access 2016 Benchmark v1.0.1 | CIS Microsoft Office Access 2016 v1.0.1 | Windows | |
CIS_Microsoft_Office_Outlook_2013_v1.1.0_Level_1.audit from CIS Microsoft Office Outlook 2013 Benchmark v1.1.0 | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | |
CIS_Microsoft_Office_Outlook_2016_v1.0.1_Level_1.audit from CIS Microsoft Office Outlook 2016 Benchmark v1.0.1 | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | |
CIS_Microsoft_Office_PowerPoint_2013_v1.0.1_Level_1.audit from CIS Microsoft Office PowerPoint 2013 Benchmark v1.0.1 | CIS Microsoft Office PowerPoint 2013 v1.0.1 | Windows | |
CIS_Mozilla_Firefox_ESR_GPO_v1.0.0_L1.audit from CIS Mozilla Firefox ESR GPO Benchmark v1.0.0 | CIS Mozilla Firefox ESR GPO v1.0.0 L1 | Windows | |
CIS_MySQL_5.6_Community_Benchmark_v2.0.0_OS_MS_L1.audit from CIS Oracle MySQL 5.6 Community Edition Benchmark | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | |
CIS_MySQL_5.6_Community_Benchmark_v2.0.0_OS_UNIX_L1.audit from CIS Oracle MySQL 5.6 Community Edition Benchmark | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | |
CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_OS_MS_L1.audit from CIS Oracle MySQL 5.6 Enterprise Edition Benchmark | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | |
CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_OS_MS_L1.audit from CIS Oracle MySQL 5.6 Enterprise Edition Benchmark | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | |
JUEX-NM-000520 - The Juniper EX switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | MAINTENANCE |