Item Search

NameAudit NamePluginCategory
1.5 Ensure That Service Account Has No Admin PrivilegesCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL

1.6 Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project LevelCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysCIS Google Cloud Platform v3.0.0 L1GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.12 Ensure API Keys Only Exist for Active ServicesCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs AccessCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

1.15 Ensure API Keys Are Rotated Every 90 DaysCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret ManagerCIS Google Cloud Platform v3.0.0 L1GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule ChangesCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

2.8 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route ChangesCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

3.1 Ensure That the Default Network Does Not Exist in a ProjectCIS Google Cloud Platform v3.0.0 L2GCP

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1.3.1 Ensure That Microsoft Defender for Servers Is Set to 'On'CIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

3.7 Ensure That RDP Access Is Restricted From the InternetCIS Google Cloud Platform v3.0.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Oslogin Is Enabled for a ProjectCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL

4.5 Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM InstanceCIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT

4.6 Ensure That IP Forwarding Is Not Enabled on InstancesCIS Google Cloud Platform v3.0.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.8 Ensure Compute Instances Are Launched With Shielded VM EnabledCIS Google Cloud Platform v3.0.0 L2GCP

CONFIGURATION MANAGEMENT

4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All ProjectsCIS Google Cloud Platform v3.0.0 L2GCP

SYSTEM AND SERVICES ACQUISITION

6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'CIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.2.8 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized LoggingCIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'CIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

6.3.3 Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting ValueCIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.3.6 Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'CIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

7.1 Ensure That BigQuery Datasets Are Not Anonymously or Publicly AccessibleCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

7.2 Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)CIS Google Cloud Platform v3.0.0 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure all data in BigQuery has been classifiedCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.52.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

ACCESS CONTROL

18.9.58.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

ACCESS CONTROL

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NGWindows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

CONFIGURATION MANAGEMENT

18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

CONFIGURATION MANAGEMENT

18.10.50.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.10.50.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT

18.10.51.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

18.10.51.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL

67.3 (L2) Ensure 'Disable One Drive File Sync' is set to 'Sync Disabled'CIS Microsoft Intune for Windows 10 v3.0.1 L2Windows

CONFIGURATION MANAGEMENT

AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MobileIron - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-12-011300 - Apple iOS must implement the management setting: Disable Allow Shared Albums.AirWatch - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

Do not suggest third-party content in Windows spotlightMSCT Windows 11 v24H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Do not suggest third-party content in Windows spotlightMSCT Windows 10 v21H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Do not suggest third-party content in Windows spotlightMSCT Windows 11 v1.0.0Windows

CONFIGURATION MANAGEMENT

GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 9.x v2r1MDM

ACCESS CONTROL

GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 10.x v2r1MDM

ACCESS CONTROL

GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 11 COPE v2r1MDM

ACCESS CONTROL

MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Motorola Solutions Android 11 COBO v1r3MDM

ACCESS CONTROL

MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Zebra Android 11 COBO v1r3MDM

ACCESS CONTROL