Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.1 Ensure 'Domain Name' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2.3 Ensure HTTP and Telnet options are disabled for the management interfaceCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.3.2 Post-authentication BannerCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.4.1 Ensure 'aaa command authorization' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.5.1 Ensure 'aaa accounting command' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.5.3 Ensure 'aaa accounting for EXEC mode' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.1 Pre-authentication BannerCIS Cisco IOS XR 7.x v1.0.0 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.2 Ensure that WMI probing is disabledCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.3 Ensure that User-ID is only enabled for internal trusted interfacesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1.1.3 Configure EIGRP log-adjacency-changesCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2.3 Configure BGP AuthenticationCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3.2 Authenticate OSPF peers with MD5 authentication keysCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled'CIS Microsoft Azure Foundations v3.0.0 L1microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External NetworksCIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.2.2 Disable ICMP Redirects on all Layer 3 InterfacesCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Disable Proxy ARP on all Layer 3 InterfacesCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.4 Disable IP Directed Broadcasts on all Layer 3 InterfacesCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Configure DHCP TrustCIS Cisco NX-OS L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.3 Set 'key-string'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.1.4 Set 'address-family ipv4 autonomous-system'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.2.1 Set 'authentication message-digest' for OSPF areaCIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.2.2 Set 'ip ospf message-digest-key md5'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.5.2 Configure FCoE ZoningCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Filtering ProfileCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data ObjectCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actionsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

8.3 Ensure that the Certificate used for Decryption is TrustedCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

8.3 Ensure that the Certificate used for Decryption is TrustedCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLockerWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DCWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain ControllerWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows Server 2025 v1.0.0 L2 DCWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Microsoft Windows 11 Enterprise v4.0.0 L2Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLockerWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - 800-53r5 HighUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - 800-53r4 LowUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - All ProfilesUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - CNSSI 1253Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - 800-53r5 ModerateUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Catalina - Disable Wi-Fi InterfaceNIST macOS Catalina v1.5.0 - 800-53r5 LowUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION