Item Search

NameAudit NamePluginCategory
1.1.10 Ensure nodev option set on /dev/shm partitionCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.1 Ensure dm-verity is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.6 Ensure AppArmor is installedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

3.1.1 Ensure packet redirect sending is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL

3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.2 Ensure permissions on SSH private host key files are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.10 Ensure SSH root login is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL

5.1.11 Ensure SSH PermitEmptyPasswords is disabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.5 Ensure access to the su command is restrictedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')CIS Microsoft Windows 8.1 v2.4.1 L2Windows

CONFIGURATION MANAGEMENT, RISK ASSESSMENT

18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.11.3.3 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higherCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.5 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higherCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.2.17 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

ACCESS CONTROL

18.10.9.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

MEDIA PROTECTION

18.10.9.3.4 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

MEDIA PROTECTION

18.10.9.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

MEDIA PROTECTION

18.10.9.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLockerWindows

MEDIA PROTECTION

18.10.9.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

MEDIA PROTECTION

18.10.9.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BLWindows

MEDIA PROTECTION

Salesforce.com : Network-Based Security - 'Login IP Addresses'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

AUDIT AND ACCOUNTABILITY

Salesforce.com : Object Permissions - 'DefaultAccountAccess should not be Public Read/Write or Public Read/Write/Transfer'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Securing Data Access - 'DashboardMobile iPad access'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

ACCESS CONTROL

Salesforce.com : Setting Password Policies - 'minimum password length >= 8'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Password Policies - 'Must mix numbers, uppercase and lowercase letters, and special characters'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com

IDENTIFICATION AND AUTHENTICATION

Salesforce.com : Setting Session Security - 'Review Site.com Contributor User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Site.com Publisher User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com
Salesforce.com : Setting Session Security - 'Review Wireless User'TNS Salesforce Best Practices Audit v1.2.0Salesforce.com