1.1.21 Ensure sticky bit is set on all world-writable directories | CIS Red Hat EL8 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
1.3.2 Ensure sudo commands use pty | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'Current mode' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'SELINUX' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS Oracle Linux 6 Workstation L2 v1.1.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured - 'Policy from config file' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured - 'SELINUXTYPE' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'complian mode' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.8.10 Set default umask for users '/etc/d.login' | CIS HP-UX 11i v1.5 | Unix | ACCESS CONTROL |
1.8.10 Set default umask for users '/etc/profile' | CIS HP-UX 11i v1.5 | Unix | ACCESS CONTROL |
2.2 Ensure IAM Policy for EC2 IAM Roles for App tier is configured | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
2.2.14 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DELAY,3' or 'DROP,3' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | ACCESS CONTROL |
2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
2.4.2 Restrict BIND Access with SELinux 'named_disable_trans' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | ACCESS CONTROL |
2.7 Prevent unintended use of dvfilter network APIs | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
2.13.2 - PCM - enhanced RBAC (AIX 6.1 only) - 'lskst -t auth info' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | ACCESS CONTROL |
2.13.2 - PCM - enhanced RBAC (AIX 6.1 only) - 'lskst -t cmd info' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | ACCESS CONTROL |
2.13.2 - PCM - enhanced RBAC (AIX 6.1 only) - 'lskst -t domobj info' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | ACCESS CONTROL |
3.4.3.8 Ensure nftables rules are permanent | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - apparmor=1 | CIS Debian Linux 7 L2 v1.0.0 | Unix | ACCESS CONTROL |
4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - security=apparmor | CIS Debian Linux 7 L2 v1.0.0 | Unix | ACCESS CONTROL |
5.3 Reduce the sudo timeout period | CIS Apple macOS 10.13 L1 v1.0.0 | Unix | ACCESS CONTROL |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
5.5 Use a separate timestamp for each user/tty combo | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
7.7 Set Default umask for FTP Users - Check if 'defumask' is set to 077. | CIS Solaris 10 v5.2 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'adm' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'lp' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'nobody' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block system accounts, Ensure account 'nuucp' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'nobody4' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'nuucp' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.1 Block System Accounts, should pass if the default shell for 'smtp' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
8.4.1 Control access to VMs through the dvfilter network APIs | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
20.2 (L1) Ensure 'Event Logs are protected' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
20.46 Ensure 'Permissions for program file directories must conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
20.51 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.umask=077' | CIS HP-UX 11i v1.5 | Unix | ACCESS CONTROL |
Configure Role-Based Access Control - 'security.authorization = enabled' | TNS MongoDB 2.6 Best Practices Linux OS Audit v1.0 | Unix | ACCESS CONTROL |
Connection settings - 'pg_hba.conf no host entries for 'all' users' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
Connection settings - 'pg_hba.conf review entries using 'trust' method' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
Connections - Host Based Authentication - no unconditional connect | TNS PostgreSQL 9.6 Best Practices Windows OS | Windows | ACCESS CONTROL |
Ensure Standalone LDAP Registry SSL is Enabled | TNS IBM WebSphere Application Server 9 Linux Best Practices | Unix | ACCESS CONTROL |
IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
IBM i : Use Adopted Authority (QUSEADPAUT) - AUTH_LIST_NAME | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
SalesForce.com : User Permissions - 'Review Active System Administrators' | TNS Salesforce Best Practices Audit v1.1.0 | Salesforce.com | ACCESS CONTROL |
User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
VM : verify-network-filter | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
VM: verify-network-filter | TNS VMWare vSphere Best Practices | VMware | ACCESS CONTROL |
WG470 - Wscript.exe and Cscript.exe are accessible by users other than the SA and Web Manager. - 'wscript.exe' | DISA STIG IIS 6.0 Installation v6r1 | Windows | ACCESS CONTROL |