Item Search

NameAudit NamePluginCategory
1.5 Ensure That Service Account Has No Admin PrivilegesCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL

1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysCIS Google Cloud Platform v3.0.0 L1GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.12 Ensure API Keys Only Exist for Active ServicesCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and AppsCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

1.15 Ensure API Keys Are Rotated Every 90 DaysCIS Google Cloud Platform v3.0.0 L2GCP

PLANNING, SYSTEM AND SERVICES ACQUISITION

2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket LockCIS Google Cloud Platform v3.0.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

2.6 Ensure That the Log Metric Filter and Alerts Exist for Custom Role ChangesCIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

2.8 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route ChangesCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

2.11 Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration ChangesCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

2.15 Ensure 'Access Approval' is 'Enabled'CIS Google Cloud Platform v3.0.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

2.16 Ensure Logging is enabled for HTTP(S) Load BalancerCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY

3.1.3.1 Ensure That Microsoft Defender for Servers Is Set to 'On'CIS Microsoft Azure Foundations v3.0.0 L2microsoft_azure

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSECCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.7 Ensure That RDP Access Is Restricted From the InternetCIS Google Cloud Platform v3.0.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.9 Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher SuitesCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed'CIS Google Cloud Platform v3.0.0 L2GCP

ACCESS CONTROL

4.1 Ensure That Instances Are Not Configured To Use the Default Service AccountCIS Google Cloud Platform v3.0.0 L1GCP

IDENTIFICATION AND AUTHENTICATION

4.2.8 Ensure that the --hostname-override argument is not setCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

CONFIGURATION MANAGEMENT

4.7 Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK)CIS Google Cloud Platform v3.0.0 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.8 Ensure Compute Instances Are Launched With Shielded VM EnabledCIS Google Cloud Platform v3.0.0 L2GCP

CONFIGURATION MANAGEMENT

4.10 Ensure That App Engine Applications Enforce HTTPS ConnectionsCIS Google Cloud Platform v3.0.0 L2GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure That Compute Instances Have Confidential Computing EnabledCIS Google Cloud Platform v3.0.0 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All ProjectsCIS Google Cloud Platform v3.0.0 L2GCP

SYSTEM AND SERVICES ACQUISITION

5.1 Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly AccessibleCIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'CIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.2.8 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized LoggingCIS Google Cloud Platform v3.0.0 L1GCP

AUDIT AND ACCOUNTABILITY

6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'CIS Google Cloud Platform v3.0.0 L1GCP

ACCESS CONTROL, MEDIA PROTECTION

6.3.6 Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'CIS Google Cloud Platform v3.0.0 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

7.2 Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)CIS Google Cloud Platform v3.0.0 L2GCP

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure all data in BigQuery has been classifiedCIS Google Cloud Platform v3.0.0 L2GCP

AUDIT AND ACCOUNTABILITY, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MobileIron - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-12-011300 - Apple iOS must implement the management setting: Disable Allow Shared Albums.AirWatch - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).MobileIron - DISA Apple iOS/iPadOS 13 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-14-009500 - Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums.AirWatch - DISA Apple iOS/iPadOS 14 v1r3MDM

CONFIGURATION MANAGEMENT

GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 9.x v2r1MDM

ACCESS CONTROL

GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Google Android 9.x v2r1MDM

ACCESS CONTROL

GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 10.x v2r1MDM

ACCESS CONTROL

GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Google Android 11 COPE v2r1MDM

ACCESS CONTROL

GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Google Android 11 COBO v2r1MDM

ACCESS CONTROL

GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Google Android 11 COPE v2r1MDM

ACCESS CONTROL

GOOG-13-708600 - Google Android 13 must be configured to not allow backup of all work profile applications to remote systems.MobileIron - DISA Google Android 13 BYOD v1r2MDM

SYSTEM AND COMMUNICATIONS PROTECTION

HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Honeywell Android 9.x COBO v1r2MDM

ACCESS CONTROL

iOS Device Management - HandoffTenable Best Practices for Microsoft Intune iOS v1.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT

MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Motorola Android Pie.x COBO v1r2MDM

ACCESS CONTROL

MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Motorola Android Pie.x COPE v1r2MDM

ACCESS CONTROL

MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Motorola Android Pie.x COBO v1r2MDM

ACCESS CONTROL

MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Motorola Android Pie.x COPE v1r2MDM

ACCESS CONTROL

MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.AirWatch - DISA Motorola Solutions Android 11 COBO v1r3MDM

ACCESS CONTROL

MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.CISA SCuBA Microsoft 365 Entra ID v1.5.0microsoft_azure

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MobileIron - DISA Zebra Android 11 COBO v1r3MDM

ACCESS CONTROL