CSCv7|7

Title

Email and Web Browser Protections

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Email and Web Browser Protections

Audit Items

Name	Plugin	Audit Name
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.11 Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.12 Ensure 'Allow WebDriver to Override Incompatible Policies' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.14 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.15 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.16 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.17 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.0.0
1.27 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'	Windows	CIS Google Chrome L1 v2.1.0
2.1.7 Ensure that an anti-phishing policy has been created	microsoft_azure	CIS Microsoft 365 Foundations E5 L1 v3.1.0
2.1.7 Ensure that an anti-phishing policy has been created	microsoft_azure	CIS Microsoft 365 Foundations E5 L1 v3.0.0
2.2 Ensure 'Default notification setting' is set to 'Enabled' with 'Do not allow any site to show desktop notifications'	Windows	CIS Google Chrome L2 v2.0.0
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'	MDM	AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only'	MDM	MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only'	MDM	AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.2.4 Ensure 'Default notification setting' is set to 'Enabled: Do not allow any site to show desktop notifications'	Windows	CIS Google Chrome L2 v2.1.0
2.3 Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled' with 'Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API'	Windows	CIS Google Chrome L2 v2.0.0
2.18 Ensure 'Whether online OCSP/CRL checks are required for local trust anchors' is set to 'Enabled'	Windows	CIS Google Chrome L2 v2.0.0
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
18.9.45.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.9.45.11 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
18.9.48.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.9.48.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.9.48.4 Ensure 'Allow Sideloading of extension' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
18.9.48.12 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
18.9.48.12 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.9.48.12 Ensure 'Prevent certificate error overrides' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG

Detections

Analytics

CSCv7|7

Title

Reference Item Details

Audit Items