Item Search

NameAudit NamePluginCategory
1.1.6 Ensure nosuid option set on /var partitionCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.7 Ensure noexec option set on /var partitionCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

1.5.1.1 Ensure message of the day is configured properlyCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

1.8 Ensure 'Attachment Filtering Agent' is configuredCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT nullCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Windows Server 2012 R2 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not acceptedCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1.3 Ensure logging is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

4.1.2.1 Ensure journald is configured to compress large log filesCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.21 Ensure SSH MaxStartups is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.2 Ensure system accounts are securedCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

6.1.3 Ensure the 'SYSTEM GRANT' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.4 Ensure the 'PROFILE' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.6 Ensure permissions on /etc/shadow- are configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.8 Ensure the 'SYNONYM' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.14 Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.3 Ensure the 'DROP USER' Audit Option Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.4 Ensure the 'CREATE ROLE' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.7 Ensure all users' home directories existCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT

6.2.7 Ensure the 'GRANT' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.13 Ensure users' .netrc Files are not group or world accessibleCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.19 Ensure the 'AUDSYS.AUD$UNIFIED' Access Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.23 Ensure the 'ALTER SYSTEM' Action Audit is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.26 Ensure the 'DROP TRIGGER' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MSWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.2 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity' set for all NETLOGON and SYSVOL shares' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.2 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity' set for all NETLOGON and SYSVOL shares' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

IDENTIFICATION AND AUTHENTICATION