Item Search

NameAudit NamePluginCategory
1.2 Disable Unused ConnectorsCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.1 Configure NTP time synchronizationCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

AUDIT AND ACCOUNTABILITY

2.1 Ensure Authentication is configuredCIS MongoDB 5 L1 OS Linux v1.2.0Unix

IDENTIFICATION AND AUTHENTICATION

2.2 Alter the Advertised server.number StringCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.3 Alter the Advertised server.built DateCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

2.3 Disable Managed Object Browser (MOB)CIS VMware ESXi 5.5 v1.2.0 Level 1VMware
3.1 Configure a centralized location to collect ESXi host core dumpsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
4.1 Restrict access to $CATALINA_HOMECIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.6 Restrict access to Tomcat binaries directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.8 Restrict access to Tomcat catalina.propertiesCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.9 Restrict access to Tomcat catalina.policyCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.15 Restrict access to jaspic-providers.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1 Disable DCUI to prevent local administrative controlCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

5.4 Limit CIM AccessCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
5.5 Enable lockdown mode to restrict remote accessCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
7.1 Ensure that the vSwitch Forged Transmits policy is set to rejectCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure that the vSwitch MAC Address Change policy is set to rejectCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.6 Ensure directory in logging.properties is a secure location - check application log directory is secureCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

7.6 Ensure that port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT)CIS VMware ESXi 5.5 v1.2.0 Level 1VMware

CONFIGURATION MANAGEMENT

8.1.2 Limit sharing of console connectionsCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

ACCESS CONTROL

8.2.4 Disconnect unauthorized devices - Serial DevicesCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.3.1 Disable unnecessary or superfluous functions inside VMsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware
8.4.1 Control access to VMs through the dvfilter network APIsCIS VMware ESXi 5.5 v1.2.0 Level 1VMware

ACCESS CONTROL

8.4.6 Disable BIOS BBSCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.8 Disable Unity TaskbarCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.12 Disable Drag and Drop Version GetCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.15 Disable Request Disk TopologyCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.19 Disable Unity InterlockCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

CONFIGURATION MANAGEMENT

8.4.29 Disable all but VGA mode on virtual machines.CIS VMware ESXi 5.5 v1.2.0 Level 2VMware

SYSTEM AND COMMUNICATIONS PROTECTION

8.5.1 Prevent virtual machines from taking over resources - CPU Share LevelCIS VMware ESXi 5.5 v1.2.0 Level 2VMware

SYSTEM AND COMMUNICATIONS PROTECTION

10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT, MAINTENANCE

10.2 Restrict access to the web administration applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.10 Configure maxHttpHeaderSizeCIS Apache Tomcat 9 L2 v1.2.0 MiddlewareUnix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

10.14 Do not allow cross context requestsCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

10.17 Setting Security Lifecycle Listener - check for config componentCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

ACCESS CONTROL

18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

ACCESS CONTROL

18.10.9.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.2.11 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

ACCESS CONTROL

18.10.10.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

ACCESS CONTROL

18.10.10.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

ACCESS CONTROL

18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

MEDIA PROTECTION

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2Windows

CONFIGURATION MANAGEMENT