Item Search

Name	Audit Name	Plugin	Category
2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v4.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2016 v4.0.0 L1 DC	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.1.14 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	CONFIGURATION MANAGEMENT
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.11.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker	Windows	ACCESS CONTROL, CONTINGENCY PLANNING
18.9.11.3.14 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker	Windows	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
18.9.20.1.3 (L1) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
18.9.39.2 Ensure 'Turn off location' is set to 'Enabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	ACCESS CONTROL
18.10.9.2.7 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.9.3.2 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.10.9.3.6 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	MEDIA PROTECTION
18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.10.3.2 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
18.10.10.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'	CIS Microsoft Windows 10 Stand-alone v4.0.0 BL	Windows	MEDIA PROTECTION
49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 10 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
49.15 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'	CIS Microsoft Intune for Windows 11 v4.0.0 L1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Token Endpoint URL'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Key'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Default Scope'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Consumer Secret'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Execution User ID'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : AuthConfig - 'Auth Providers = Salesforce is not configured'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	CONFIGURATION MANAGEMENT
Salesforce.com : AuthConfig - 'Auth Providers in use'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com
Salesforce.com : Email Services - 'IsTextAttachmentsAsBinary = False'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	CONFIGURATION MANAGEMENT
Salesforce.com : Monitoring Login History - 'Inactive System Administrators'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Network-Based Security - 'Login IP Addresses'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	AUDIT AND ACCOUNTABILITY
Salesforce.com : Network-Based Security - 'Trusted IP Ranges exist'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	SYSTEM AND COMMUNICATIONS PROTECTION
Salesforce.com : Object Permissions - 'DefaultOpportunityAccess should not be Public Read/Write or Public Read/Write/Transfer'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Setting Password Policies - 'lockout period >= 30 minutes'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	ACCESS CONTROL
Salesforce.com : Setting Password Policies - 'Must mix numbers, uppercase and lowercase letters, and special characters'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	IDENTIFICATION AND AUTHENTICATION
Salesforce.com : Setting Session Security - 'Enable CSRF protection on GET requests on non-setup pages = true'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com	SYSTEM AND COMMUNICATIONS PROTECTION
SalesForce.com : Setting Session Security - 'Review Active Users'	TNS Salesforce Best Practices Audit v1.2.0	Salesforce.com

Detections

Analytics

Item Search