1.1.2.6.1 Ensure separate partition exists for /var/log | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
1.1.13 Ensure separate partition exists for /home | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
1.5.1.5 Ensure the SELinux mode is enforcing | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
1.6.1.4 Ensure SETroubleshoot is not installed | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
2.8 Ensure 'credentials' are not stored in configuration files - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.2.2 Ensure tipc kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.11 Ensure 'encryption providers' are locked down | CIS IIS 8.0 v1.5.1 Level 2 | Windows | ACCESS CONTROL |
4.1.4 Ensure events that modify date and time information are collected - /etc/localtime | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.4 Ensure events that modify date and time information are collected - adjtimex | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.4 Ensure events that modify date and time information are collected - clock_settime (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network-scripts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - sethostname (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.9 Ensure session initiation information is collected - /var/run/utmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
4.1.9 Ensure session initiation information is collected - auditctl /var/log/btmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.13 Ensure successful file system mounts are collected - auditctl (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.2.8 Ensure sshd DisableForwarding is enabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
4.4.1.6 Ensure root access is disabled or blocked. | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.1.4 Ensure auditd service is enabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.2.1 Ensure audit log storage size is configured | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.2.3 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.10 Ensure successful file system mounts are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.11 Ensure session initiation information is collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
7.1 Ensure HSTS Header is set - Server | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.4 Ensure TLS 1.0 is disabled | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.14 Ensure TLS Cipher Suite ordering is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
8.4.20 Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
DTOO113 - Excel - Open/Save actions for Excel 2 macrosheets and add-in files must be blocked. | DISA STIG Office 2010 Excel v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.monthly/*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |