| Vulnerability ID |
Severity |
Message |
|
V-254247
|
Medium
|
Systems at unsupported servicing levels will not receive security updates for...
|
|
V-205849
|
High
|
Systems at unsupported servicing levels will not receive security updates for...
|
|
V-253263
|
High
|
Windows 11 is maintained by Microsoft at servicing levels for specific period...
|
|
V-220706
|
High
|
Windows 10 is maintained by Microsoft at servicing levels for specific period...
|
|
V-254355
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-205714
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-253391
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-220832
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-205751
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254289
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-205659
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-253301
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-220743
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-254447
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-205909
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-253435
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-220911
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-254291
|
Medium
|
Information systems not protected with strong password schemes (including pas...
|
|
V-205662
|
Medium
|
Information systems not protected with strong password schemes (including pas...
|
|
V-253303
|
Medium
|
Information systems not protected with strong password schemes (including pas...
|
|
V-220745
|
Medium
|
Information systems not protected with strong password schemes (including pas...
|
|
V-254290
|
Medium
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-205656
|
Medium
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-253302
|
Medium
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-220744
|
Medium
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-253385
|
Low
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220826
|
Low
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254351
|
Low
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205691
|
Low
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254448
|
Medium
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-205910
|
Medium
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-220912
|
Medium
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-253436
|
Medium
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-254424
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254438
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205670
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205675
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220971
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253494
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254440
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205748
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220973
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253496
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254426
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205745
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205908
|
High
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-254446
|
High
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-220910
|
Medium
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-253434
|
Medium
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-254429
|
Medium
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-205715
|
Medium
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-253357
|
Medium
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-220799
|
Medium
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-253432
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-220908
|
Medium
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-254445
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-205709
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-253433
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-220909
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-254250
|
High
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-205663
|
High
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-253265
|
High
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-220708
|
High
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-254372
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-205694
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-253409
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-220855
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-254494
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253483
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220960
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254317
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205840
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253324
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220766
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254285
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205795
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253297
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220739
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254342
|
Medium
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-205863
|
Medium
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-253368
|
Medium
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-220810
|
Medium
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-254376
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-205925
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-253413
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-220859
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-260469
|
High
|
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, ca...
|
|
V-254292
|
Medium
|
The use of complex passwords increases their strength against attack. The bui...
|
|
V-205652
|
Medium
|
The use of complex passwords increases their strength against attack. The bui...
|
|
V-253304
|
Medium
|
The use of complex passwords increases their strength against guessing and br...
|
|
V-260650
|
High
|
Use of weak or untested encryption algorithms undermines the purposes of util...
|
|
V-220746
|
Medium
|
The use of complex passwords increases their strength against guessing and br...
|
|
V-254287
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205630
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253299
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220741
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254257
|
Medium
|
The lack of password protection enables anyone to gain access to the informat...
|
|
V-205700
|
Medium
|
The lack of password protection enables anyone to gain access to the informat...
|
|
V-254293
|
High
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-205653
|
High
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-253305
|
High
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-220747
|
High
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-254453
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-205815
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-253441
|
Low
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-220917
|
Low
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-254286
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205629
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253298
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220740
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254483
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-205716
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254482
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205811
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253468
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220944
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254485
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205812
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253471
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220947
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254488
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205813
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253474
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220950
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254486
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205718
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253472
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220948
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254489
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205720
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-253475
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220951
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254484
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205717
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253469
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220945
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254487
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205719
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-253473
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220949
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254349
|
Medium
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-205867
|
Medium
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-253380
|
Medium
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-220821
|
Medium
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-254350
|
Medium
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-205868
|
Medium
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-253381
|
Medium
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-220822
|
Medium
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-254479
|
Medium
|
If the private key is discovered, an attacker can use the key to authenticate...
|
|
V-205651
|
Medium
|
If the private key is discovered, an attacker can use the key to authenticate...
|
|
V-254341
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205638
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220809
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253367
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254299
|
Medium
|
Protecting audit information also includes identifying and protecting the too...
|
|
V-205731
|
Medium
|
Protecting audit information also includes identifying and protecting the too...
|
|
V-254358
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205796
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253337
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220779
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254359
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205797
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253338
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220780
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254360
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205798
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253339
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220781
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254449
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205644
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253437
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220913
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254297
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205641
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253341
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220783
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254298
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205642
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253342
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220784
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254352
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-205804
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-253386
|
High
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-220827
|
High
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-254354
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-205806
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-253388
|
High
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-220829
|
High
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-254353
|
High
|
Allowing AutoRun commands to execute may introduce malicious code to a system...
|
|
V-205805
|
High
|
Allowing AutoRun commands to execute may introduce malicious code to a system...
|
|
V-253387
|
High
|
Allowing autorun commands to execute may introduce malicious code to a system...
|
|
V-220828
|
Medium
|
Allowing autorun commands to execute may introduce malicious code to a system...
|
|
V-205624
|
Medium
|
If temporary user accounts remain active when no longer needed or for an exce...
|
|
V-254334
|
Medium
|
When the WDigest Authentication protocol is enabled, plain-text passwords are...
|
|
V-205687
|
Medium
|
When the WDigest Authentication protocol is enabled, plain-text passwords are...
|
|
V-253358
|
Medium
|
When the WDigest Authentication protocol is enabled, plain text passwords are...
|
|
V-220800
|
Medium
|
When the WDigest Authentication protocol is enabled, plain text passwords are...
|
|
V-254500
|
High
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205757
|
High
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253490
|
High
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220967
|
High
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205876
|
Medium
|
Enabling this setting on all domain controllers in a domain prevents domain m...
|
|
V-254416
|
Medium
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where a...
|
|
V-205820
|
Medium
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where a...
|
|
V-254391
|
High
|
Improper access permissions for directory data-related files could allow unau...
|
|
V-254392
|
High
|
Improper access permissions for directory data files could allow unauthorized...
|
|
V-205740
|
High
|
Improper access permissions for directory data files could allow unauthorized...
|
|
V-254427
|
Medium
|
The krbtgt account acts as a service account for the Kerberos Key Distributio...
|
|
V-205877
|
Medium
|
The krbtgt account acts as a service account for the Kerberos Key Distributio...
|
|
V-254441
|
High
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-205907
|
High
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-253370
|
High
|
Credential Guard uses virtualization-based security to protect information th...
|
|
V-220812
|
High
|
Credential Guard uses virtualization based security to protect information th...
|
|
V-253447
|
Low
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-220923
|
Low
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-254432
|
Medium
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-205906
|
Medium
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-254450
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205821
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254451
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205822
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254452
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205823
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254345
|
Medium
|
Registry entries for group policy settings can potentially be changed from th...
|
|
V-205866
|
Medium
|
Registry entries for group policy settings can potentially be changed from th...
|
|
V-253373
|
Medium
|
Enabling this setting and then selecting the "Process even if the Group ...
|
|
V-220814
|
Medium
|
Enabling this setting and then selecting the "Process even if the Group ...
|
|
V-254340
|
Medium
|
Additional security requirements are applied to UNC paths specified in harden...
|
|
V-205862
|
Medium
|
Additional security requirements are applied to UNC paths specified in harden...
|
|
V-253362
|
Medium
|
Additional security requirements are applied to Universal Naming Convention (...
|
|
V-250319
|
Medium
|
Additional security requirements are applied to Universal Naming Convention (...
|
|
V-254430
|
Medium
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-205696
|
Medium
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-253379
|
Medium
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-220820
|
Medium
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-254454
|
Medium
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-205911
|
Medium
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-253442
|
Low
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-220918
|
Low
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-254476
|
Medium
|
This setting controls the signing requirements for LDAP clients. This must be...
|
|
V-205920
|
Medium
|
This setting controls the signing requirements for LDAP clients. This must be...
|
|
V-253463
|
Medium
|
This setting controls the signing requirements for LDAP clients. This setting...
|
|
V-220939
|
Medium
|
This setting controls the signing requirements for LDAP clients. This setting...
|
|
V-253284
|
High
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-220727
|
High
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-254364
|
Medium
|
The shell protocol will limit the set of folders that applications can open w...
|
|
V-205872
|
Medium
|
The shell protocol will limit the set of folders that applications can open w...
|
|
V-253398
|
Medium
|
The shell protocol will limit the set of folders applications can open when r...
|
|
V-220839
|
Medium
|
The shell protocol will limit the set of folders applications can open when r...
|
|
V-254248
|
Medium
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-205850
|
High
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-253264
|
High
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-220707
|
High
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-254346
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205688
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253374
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220815
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254344
|
Medium
|
Compromised boot drivers can introduce malware prior to protection mechanisms...
|
|
V-205865
|
Medium
|
Compromised boot drivers can introduce malware prior to protection mechanisms...
|
|
V-253372
|
Medium
|
The default behavior is for Early Launch Antimalware - Boot-Start Driver Init...
|
|
V-220813
|
Medium
|
By being launched first by the kernel, ELAM ( Early Launch Antimalware) is en...
|
|
V-253275
|
High
|
IIS is not installed by default. Installation of Internet Information System ...
|
|
V-220718
|
High
|
Installation of Internet Information System (IIS) may allow unauthorized inte...
|
|
V-254456
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked whe...
|
|
V-205633
|
Medium
|
Unattended systems are susceptible to unauthorized use and should be locked w...
|
|
V-253444
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked whe...
|
|
V-220920
|
Medium
|
Unattended systems are susceptible to unauthorized use and should be locked w...
|
|
V-254347
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205689
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253376
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220817
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253382
|
High
|
Remote assistance allows another user to view or take control of the local se...
|
|
V-220823
|
High
|
Remote assistance allows another user to view or take control of the local se...
|
|
V-253395
|
Medium
|
Microsoft Defender SmartScreen helps protect systems from programs downloaded...
|
|
V-220836
|
Medium
|
Windows Defender SmartScreen helps protect systems from programs downloaded f...
|
|
V-254361
|
Medium
|
Microsoft Defender antivirus SmartScreen helps protect systems from programs ...
|
|
V-205692
|
Medium
|
Windows Defender SmartScreen helps protect systems from programs downloaded f...
|
|
V-254333
|
Medium
|
Slide shows that are displayed on the lock screen could display sensitive inf...
|
|
V-205686
|
Medium
|
Slide shows that are displayed on the lock screen could display sensitive inf...
|
|
V-254265
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-253281
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-220724
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-214936
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-254371
|
Medium
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-205693
|
Medium
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-253408
|
Medium
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220854
|
Medium
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-223079
|
Medium
|
This policy setting allows you to manage whether Internet Explorer checks for...
|
|
V-223077
|
Medium
|
This policy setting determines whether Internet Explorer 11 uses 64-bit proce...
|
|
V-254348
|
Medium
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-205690
|
Medium
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-253378
|
Medium
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-220819
|
Medium
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-254370
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-205873
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-253407
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-220853
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-254457
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-253445
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-205631
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-220921
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-220844
|
Medium
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-220841
|
Medium
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-220840
|
Medium
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-254466
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null sess...
|
|
V-205914
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null sess...
|
|
V-253453
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null ses...
|
|
V-220929
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null ses...
|
|
V-254467
|
High
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-205724
|
High
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-253454
|
High
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-220930
|
High
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-254339
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-205861
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-253360
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-220802
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-254473
|
Medium
|
Certain encryption types are no longer considered secure. The DES and RC4 enc...
|
|
V-205708
|
Medium
|
Certain encryption types are no longer considered secure. The DES and RC4 enc...
|
|
V-253460
|
Medium
|
Certain encryption types are no longer considered secure. This setting config...
|
|
V-220936
|
Medium
|
Certain encryption types are no longer considered secure. This setting config...
|
|
V-254460
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205825
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254475
|
High
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-205919
|
High
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-253462
|
High
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-220938
|
High
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-254461
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205826
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254463
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205827
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254464
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205828
|
Medium
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254468
|
Medium
|
Access by anonymous users must be restricted. If this setting is enabled, ano...
|
|
V-205915
|
Medium
|
Access by anonymous users must be restricted. If this setting is enabled, ano...
|
|
V-253455
|
Medium
|
Access by anonymous users must be restricted. If this setting is enabled, the...
|
|
V-220937
|
High
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-254277
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205684
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-253288
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-220731
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254276
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205683
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-253287
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-220730
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254471
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-205917
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-253458
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-220934
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-254469
|
High
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-205725
|
High
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-253456
|
High
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-220932
|
High
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-254433
|
Medium
|
The Windows SAM stores users' passwords. Restricting Remote Procedure Call (R...
|
|
V-205747
|
Medium
|
The Windows SAM stores users' passwords. Restricting Remote Procedure Call (R...
|
|
V-253457
|
Medium
|
The Windows SAM stores users' passwords. Restricting remote RPC connections t...
|
|
V-220933
|
Medium
|
The Windows SAM stores users' passwords. Restricting remote RPC connections t...
|
|
V-254470
|
Medium
|
Services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-205916
|
Medium
|
Services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-254477
|
Medium
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-205921
|
Medium
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-254478
|
Medium
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-205922
|
Medium
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-254462
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) password...
|
|
V-205655
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) password...
|
|
V-253450
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain text) password...
|
|
V-220926
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain text) password...
|
|
V-254275
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205682
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254335
|
Low
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-205858
|
Low
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-253353
|
Medium
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-220795
|
Medium
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-254272
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205680
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253277
|
Medium
|
"Simple TCP/IP Services" is not installed by default. Some protocols and serv...
|
|
V-220720
|
Medium
|
Some protocols and services do not support required security features, such a...
|
|
V-254336
|
Low
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-205859
|
Low
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-254288
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-205660
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-253300
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-220742
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-254258
|
Medium
|
Passwords that do not expire or are reused increase the exposure of a passwor...
|
|
V-205658
|
Medium
|
Passwords that do not expire or are reused increase the exposure of a passwor...
|
|
V-253273
|
Medium
|
Passwords that do not expire increase exposure with a greater probability of ...
|
|
V-220716
|
Medium
|
Passwords that do not expire increase exposure with a greater probability of ...
|
|
V-254474
|
High
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-205654
|
High
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-253461
|
High
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-254377
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205639
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253414
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220860
|
Medium
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254278
|
Medium
|
Windows PowerShell 5.x added advanced logging features that can provide addit...
|
|
V-205685
|
Medium
|
Windows PowerShell 5.x added advanced logging features that can provide addit...
|
|
V-253285
|
Medium
|
Windows PowerShell 5.0 added advanced logging features which can provide addi...
|
|
V-220728
|
Medium
|
Windows PowerShell 5.0 added advanced logging features which can provide addi...
|
|
V-205869
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253393
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220834
|
Medium
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254367
|
Medium
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-205809
|
Medium
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-253404
|
Medium
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-220850
|
Medium
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-254369
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-205637
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-253406
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-220852
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-260470
|
High
|
To mitigate the risk of unauthorized access to sensitive information by ent...
|
|
V-260471
|
Medium
|
If auditing is enabled late in the startup process, the actions of some sta...
|
|
V-260472
|
Low
|
Restricting access to the kernel message buffer limits access only to root....
|
|
V-260473
|
Medium
|
Kernel core dumps may contain the full contents of system memory at the tim...
|
|
V-260474
|
Medium
|
Some adversaries launch attacks with the intent of executing code in nonexe...
|
|
V-260475
|
Medium
|
Some adversaries launch attacks with the intent of executing code in nonexe...
|
|
V-260476
|
Low
|
Changes to any software components can have significant effects on the over...
|
|
V-260477
|
Medium
|
Previous versions of software components that are not removed from the info...
|
|
V-260478
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260479
|
Low
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260480
|
Low
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260481
|
Low
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260482
|
High
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-260483
|
High
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-260484
|
Medium
|
Operating systems handling data requiring "data at rest" protections must e...
|
|
V-260485
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260486
|
Medium
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260487
|
Medium
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260488
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260489
|
Medium
|
Any operating system providing too much information in error messages risks...
|
|
V-260490
|
Medium
|
Any operating system providing too much information in error messages risks...
|
|
V-260491
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260492
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260493
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260494
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260495
|
Medium
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260496
|
Medium
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260497
|
Medium
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260498
|
Medium
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260499
|
Medium
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260500
|
Medium
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260501
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260502
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260503
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260504
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260505
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260506
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260507
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260508
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260509
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260510
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260511
|
Medium
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260512
|
Medium
|
Any operating system providing too much information in error messages risks...
|
|
V-260513
|
Medium
|
Preventing unauthorized information transfers mitigates the risk of informa...
|
|
V-260514
|
Medium
|
Remote access services, such as those providing remote access to network de...
|
|
V-260515
|
Medium
|
Remote access services, such as those providing remote access to network de...
|
|
V-260516
|
Medium
|
Firewalls protect computers from network attacks by blocking or limiting ac...
|
|
V-260517
|
Medium
|
Denial of service (DoS) is a condition when a resource is not available for...
|
|
V-260518
|
Medium
|
To prevent unauthorized connection of devices, unauthorized transfer of inf...
|
|
V-260519
|
Low
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260520
|
Low
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260521
|
Low
|
If time stamps are not consistently applied and there is no common time ref...
|
|
V-260522
|
Medium
|
DoS is a condition when a resource is not available for legitimate users. W...
|
|
V-260523
|
High
|
Without protection of the transmitted information, confidentiality and inte...
|
|
V-260524
|
High
|
Without protection of the transmitted information, confidentiality and inte...
|
|
V-260533
|
Medium
|
Without cryptographic integrity protections provided by FIPS-validated cryp...
|
|
V-260534
|
Medium
|
Nonlocal maintenance and diagnostic activities are those activities conduct...
|
|
V-260537
|
Medium
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260538
|
Medium
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260539
|
High
|
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, ...
|
|
V-260540
|
Medium
|
Without authenticating devices, unidentified or unknown devices may be intr...
|
|
V-260541
|
Medium
|
Without protection of communications with wireless peripherals, confidentia...
|
|
V-260542
|
Medium
|
To ensure individual accountability and prevent unauthorized access, organi...
|
|
V-260543
|
Medium
|
To ensure accountability and prevent unauthenticated access, organizational...
|
|
V-260545
|
Medium
|
Enforcing a minimum password lifetime helps to prevent repeated password ch...
|
|
V-260546
|
Medium
|
Any password, no matter how complex, can eventually be cracked. Therefore, ...
|
|
V-260547
|
Medium
|
Inactive identifiers pose a risk to systems and applications because attack...
|
|
V-260548
|
Medium
|
Temporary accounts are privileged or nonprivileged accounts established dur...
|
|
V-260549
|
Low
|
By limiting the number of failed logon attempts, the risk of unauthorized s...
|
|
V-260550
|
Low
|
Limiting the number of logon attempts over a certain time interval reduces ...
|
|
V-260552
|
Low
|
Ubuntu 22.04 LTS management includes the ability to control the number of u...
|
|
V-260553
|
Medium
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260554
|
Medium
|
Terminating an idle interactive command shell user session within a short t...
|
|
V-260535
|
Medium
|
Display of a standardized and approved use notification before granting acc...
|
|
V-260536
|
Medium
|
Display of a standardized and approved use notification before granting acc...
|
|
V-260555
|
Medium
|
Setting the most restrictive default permissions ensures newly created acco...
|
|
V-260556
|
Medium
|
Control of program execution is a mechanism used to prevent execution of un...
|
|
V-260557
|
Medium
|
Control of program execution is a mechanism used to prevent execution of un...
|
|
V-260558
|
Medium
|
Without reauthentication, users may access resources or perform tasks for w...
|
|
V-260559
|
High
|
An isolation boundary provides access control and protects the integrity of...
|
|
V-260560
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260561
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260562
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260563
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260564
|
Medium
|
If Ubuntu 22.04 LTS allows the user to select passwords based on dictionary...
|
|
V-260565
|
Medium
|
The shorter the password, the lower the number of possible combinations tha...
|
|
V-260566
|
Medium
|
If the operating system allows the user to consecutively reuse extensive po...
|
|
V-260567
|
Medium
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260569
|
Medium
|
Password complexity, or strength, is a measure of the effectiveness of a pa...
|
|
V-260570
|
High
|
If an account has an empty password, anyone could log on and run commands w...
|
|
V-260571
|
High
|
If an account has an empty password, anyone could log on and run commands w...
|
|
V-260572
|
Medium
|
Passwords need to be protected at all times, and encryption is the standard...
|
|
V-260573
|
Medium
|
Using an authentication device, such as a CAC or token separate from the in...
|
|
V-260574
|
Medium
|
The use of PIV credentials facilitates standardization and reduces the risk...
|
|
V-260575
|
Medium
|
Without the use of multifactor authentication, the ease of access to privil...
|
|
V-260576
|
Medium
|
The use of PIV credentials facilitates standardization and reduces the risk...
|
|
V-260577
|
Medium
|
Without path validation, an informed trust decision by the relying party ca...
|
|
V-260578
|
Medium
|
Without configuring a local cache of revocation data, there is the potentia...
|
|
V-260579
|
High
|
Without mapping the certificate used to authenticate to the user account, t...
|
|
V-260580
|
Medium
|
Untrusted certificate authorities (CA) can issue certificates, but they may...
|
|
V-260581
|
Low
|
If cached authentication information is out-of-date, the validity of the au...
|
|
V-260582
|
Medium
|
Without verification of the security functions, security functions may not ...
|
|
V-260583
|
Medium
|
Without verification of the security functions, security functions may not ...
|
|
V-260584
|
Medium
|
Unauthorized changes to the baseline configuration could make the system vu...
|
|
V-260585
|
Medium
|
Without verification of the security functions, security functions may not ...
|
|
V-260586
|
Medium
|
Protecting the integrity of the tools used for auditing purposes is a criti...
|
|
V-260587
|
Low
|
Information stored in one location is vulnerable to accidental or incidenta...
|
|
V-260588
|
Medium
|
Failure to a known state can address safety or security in accordance with ...
|
|
V-260589
|
Medium
|
Remote access services, such as those providing remote access to network de...
|
|
V-260590
|
Medium
|
Without establishing the when, where, type, source, and outcome of events t...
|
|
V-260591
|
Medium
|
Without establishing the when, where, type, source, and outcome of events t...
|
|
V-260592
|
Low
|
Information stored in one location is vulnerable to accidental or incidenta...
|
|
V-260593
|
Low
|
It is critical for the appropriate personnel to be aware if a system is at ...
|
|
V-260594
|
Medium
|
It is critical that when the operating system is at risk of failing to proc...
|
|
V-260595
|
Low
|
To ensure operating systems have a sufficient storage capacity in which to ...
|
|
V-260596
|
Low
|
If security personnel are not notified immediately when storage volume reac...
|
|
V-260597
|
Medium
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260598
|
Medium
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260599
|
Medium
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260600
|
Medium
|
If audit information were to become compromised, then forensic analysis and...
|
|
V-260601
|
Medium
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260602
|
Medium
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260603
|
Medium
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260604
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260605
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260606
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260607
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260608
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260609
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260610
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260611
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260612
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260613
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260614
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260615
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260616
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260617
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260618
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260619
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260620
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260621
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260622
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260623
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260624
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260625
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260626
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260627
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260628
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260629
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260630
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260631
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260632
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260633
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260634
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260635
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260636
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260637
|
Medium
|
Without generating audit records that are specific to the security and miss...
|
|
V-260638
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260639
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260640
|
Medium
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260641
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260642
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260643
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260644
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260645
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260646
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260647
|
Medium
|
Without generating audit records specific to the security and mission needs...
|
|
V-260648
|
Medium
|
In certain situations, software applications/programs need to execute with ...
|
|
V-260649
|
Medium
|
If events associated with nonlocal administrative access or diagnostic sess...
|
|
V-260650
|
High
|
Use of weak or untested encryption algorithms undermines the purposes of ut...
|
|
V-224819
|
High
|
Using a privileged account to perform routine functions makes the computer ...
|
|
V-254365
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-205808
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-253402
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-220848
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-254366
|
Medium
|
Preventing users from sharing the local drives on their client computers with...
|
|
V-205722
|
Medium
|
Preventing users from sharing the local drives on their client computers with...
|
|
V-224820
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-224821
|
High
|
Using applications that access the Internet or have potential Internet sour...
|
|
V-224822
|
Medium
|
Backup Operators are able to read and write to any file in the system, rega...
|
|
V-224823
|
Medium
|
Application/service account passwords must be of sufficient length to preve...
|
|
V-224824
|
Medium
|
Setting application account passwords to expire may cause applications to s...
|
|
V-224825
|
Medium
|
Shared accounts (accounts where two or more people log on with the same use...
|
|
V-224826
|
Medium
|
Using an allowlist provides a configuration management method to allow the ...
|
|
V-224827
|
Medium
|
Credential Guard uses virtualization-based security to protect data that co...
|
|
V-224828
|
High
|
Systems at unsupported servicing levels will not receive security updates f...
|
|
V-224829
|
High
|
Malicious software can establish a base on individual desktops and servers....
|
|
V-224830
|
Medium
|
A properly configured Host-based Intrusion Detection System (HIDS) or Host-...
|
|
V-224831
|
High
|
The ability to set access permissions and auditing is critical to maintaini...
|
|
V-224832
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224833
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224834
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224835
|
Medium
|
The registry is integral to the function, security, and stability of the Wi...
|
|
V-224836
|
Low
|
Windows shares are a means by which files, folders, printers, and other res...
|
|
V-224837
|
Medium
|
Outdated or unused accounts provide penetration points that may go undetect...
|
|
V-224838
|
Medium
|
The lack of password protection enables anyone to gain access to the inform...
|
|
V-224839
|
Medium
|
Passwords that do not expire or are reused increase the exposure of a passw...
|
|
V-224840
|
Medium
|
Monitoring system files for changes against a baseline on a regular basis m...
|
|
V-224841
|
Medium
|
Shares on a system provide network access. To prevent exposing sensitive in...
|
|
V-254368
|
Medium
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle a...
|
|
V-205636
|
Medium
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle a...
|
|
V-254431
|
Medium
|
Unauthenticated RPC clients may allow anonymous access to sensitive informati...
|
|
V-205814
|
Medium
|
Unauthenticated RPC clients may allow anonymous access to sensitive informati...
|
|
V-253383
|
Medium
|
Configuring RPC to restrict unauthenticated RPC clients from connecting to th...
|
|
V-220824
|
Medium
|
Configuring RPC to restrict unauthenticated RPC clients from connecting to th...
|
|
V-254379
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-205816
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-253417
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-220863
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-224842
|
Medium
|
Use of software certificates and their accompanying installation files for ...
|
|
V-224843
|
High
|
This requirement addresses protection of user-generated data as well as ope...
|
|
V-224844
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modif...
|
|
V-224845
|
Medium
|
Unnecessary roles and features increase the attack surface of a system. Lim...
|
|
V-224846
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking ...
|
|
V-224847
|
Medium
|
Without the use of automated mechanisms to scan for security flaws on a con...
|
|
V-224848
|
Medium
|
If temporary user accounts remain active when no longer needed or for an ex...
|
|
V-224849
|
Medium
|
Emergency administrator accounts are privileged accounts established in res...
|
|
V-224850
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224851
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224852
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224853
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224854
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224855
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224856
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224857
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224858
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224859
|
Medium
|
Windows PowerShell 5.0 added advanced logging features that can provide add...
|
|
V-224860
|
Medium
|
The FTP service allows remote users to access shared files and directories....
|
|
V-224861
|
Medium
|
The FTP service allows remote users to access shared files and directories ...
|
|
V-224862
|
Low
|
The Windows Time Service controls time synchronization settings. Time synch...
|
|
V-224863
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-224864
|
Low
|
Secure Boot is a standard that ensures systems boot only to a trusted opera...
|
|
V-224865
|
Low
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-224866
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-254378
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-205711
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-253416
|
High
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220862
|
High
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-254380
|
Medium
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-205712
|
Medium
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-253421
|
Medium
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-220868
|
Medium
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-254381
|
High
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-205713
|
High
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-253418
|
High
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220865
|
High
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-253426
|
Medium
|
Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (D...
|
|
V-220902
|
Medium
|
Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (D...
|
|
V-224867
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-224868
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-224869
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycl...
|
|
V-224870
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-224871
|
Medium
|
Permitting passwords to be changed in immediate succession within the same ...
|
|
V-224872
|
Medium
|
Information systems not protected with strong password schemes (including p...
|
|
V-224873
|
Medium
|
The use of complex passwords increases their strength against attack. The b...
|
|
V-224874
|
High
|
Storing passwords using reversible encryption is essentially the same as st...
|
|
V-224875
|
Medium
|
Protection of log data includes assuring the log data is not accidentally l...
|
|
V-224876
|
Medium
|
Protection of log data includes ensuring the log data is not accidentally l...
|
|
V-224877
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224878
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224879
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254263
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-205829
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-254343
|
Medium
|
Virtualization Based Security (VBS) provides the platform for the additional ...
|
|
V-205864
|
Medium
|
Virtualization-based security (VBS) provides the platform for the additional ...
|
|
V-253369
|
Medium
|
Virtualization-based Security (VBS) provides the platform for the additional ...
|
|
V-220811
|
Medium
|
Virtualization Based Security (VBS) provides the platform for the additional ...
|
|
V-254374
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-205802
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-253411
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-220857
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-224880
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-224881
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224882
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224883
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224884
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224885
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224886
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224887
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224888
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224890
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224891
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224892
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224893
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224894
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224895
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224896
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224897
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224898
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224899
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224900
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224901
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224902
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224903
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224904
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224905
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224906
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224907
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224908
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224909
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224910
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224911
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224912
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224913
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224914
|
Medium
|
Slide shows that are displayed on the lock screen could display sensitive i...
|
|
V-224915
|
Medium
|
When the WDigest Authentication protocol is enabled, plain-text passwords a...
|
|
V-224916
|
Low
|
Configuring the system to disable IPv6 source routing protects against spoo...
|
|
V-224917
|
Low
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-224918
|
Low
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-224919
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-224920
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Share...
|
|
V-224921
|
Medium
|
Additional security requirements are applied to Universal Naming Convention...
|
|
V-224922
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224923
|
Medium
|
Virtualization-based security (VBS) provides the platform for the additiona...
|
|
V-224924
|
Medium
|
Compromised boot drivers can introduce malware prior to protection mechanis...
|
|
V-224925
|
Medium
|
Registry entries for group policy settings can potentially be changed from ...
|
|
V-224926
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224927
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224928
|
Medium
|
Enabling interaction with the network selection UI allows users to change c...
|
|
V-224929
|
Medium
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-224930
|
Medium
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-224931
|
Low
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224932
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-224933
|
High
|
Allowing AutoRun commands to execute may introduce malicious code to a syst...
|
|
V-224934
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-224935
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of th...
|
|
V-224936
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224937
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224938
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224939
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224940
|
Medium
|
Windows SmartScreen helps protect systems from programs downloaded from the...
|
|
V-224941
|
Medium
|
Data Execution Prevention provides additional protection by performing chec...
|
|
V-224942
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-224943
|
Medium
|
The shell protocol will limit the set of folders that applications can open...
|
|
V-224944
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized u...
|
|
V-224945
|
Medium
|
Preventing users from sharing the local drives on their client computers wi...
|
|
V-224946
|
Medium
|
This setting controls the ability of users to supply passwords automaticall...
|
|
V-224947
|
Medium
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle...
|
|
V-224948
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sen...
|
|
V-224949
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent att...
|
|
V-236000
|
Medium
|
A known vulnerability in Windows could allow the execution of malicious cod...
|
|
V-224951
|
Medium
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224952
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevent...
|
|
V-224953
|
Medium
|
Installation options for applications are typically controlled by administr...
|
|
V-224954
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wi...
|
|
V-224955
|
Medium
|
Web-based programs may attempt to install malicious software on a system. E...
|
|
V-224956
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wi...
|
|
V-224957
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224958
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224959
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-224960
|
Medium
|
Digest authentication is not as strong as other options and may be subject ...
|
|
V-224961
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224962
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-224963
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disa...
|
|
V-257502
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224964
|
High
|
An account that does not have Administrator duties must not have Administra...
|
|
V-224965
|
Medium
|
This policy setting determines whether the Kerberos Key Distribution Center...
|
|
V-224966
|
Medium
|
This setting determines the maximum amount of time (in minutes) that a gran...
|
|
V-224967
|
Medium
|
In Kerberos, there are two types of tickets: Ticket Granting Tickets (TGTs)...
|
|
V-224968
|
Medium
|
This setting determines the period of time (in days) during which a user's ...
|
|
V-224969
|
Medium
|
This setting determines the maximum time difference (in minutes) that Kerbe...
|
|
V-224970
|
High
|
Improper access permissions for directory data-related files could allow un...
|
|
V-224971
|
High
|
Improper access permissions for directory data files could allow unauthoriz...
|
|
V-224972
|
High
|
When directory service database objects do not have appropriate access cont...
|
|
V-224973
|
High
|
When Active Directory objects do not have appropriate access control permis...
|
|
V-224974
|
High
|
When directory service database objects do not have appropriate access cont...
|
|
V-224975
|
Medium
|
When directory service data files, especially for directories used for iden...
|
|
V-224976
|
Medium
|
Executing application servers on the same host machine with a directory ser...
|
|
V-224977
|
Medium
|
Directory data that is not appropriately encrypted is subject to compromise...
|
|
V-224978
|
High
|
To the extent that anonymous access to directory data (outside the root DSE...
|
|
V-224979
|
Low
|
The failure to terminate inactive network connections increases the risk of...
|
|
V-224980
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224981
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224982
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224983
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224984
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224985
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224986
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224987
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224988
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224989
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224991
|
Medium
|
Domain controllers are part of the chain of trust for PKI authentications. ...
|
|
V-224992
|
High
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-224993
|
High
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-224994
|
Medium
|
Smart cards such as the CAC support a two-factor authentication technique. ...
|
|
V-254373
|
Medium
|
Installation options for applications are typically controlled by administrat...
|
|
V-205801
|
Medium
|
Installation options for applications are typically controlled by administrat...
|
|
V-253410
|
Medium
|
Installation options for applications are typically controlled by administrat...
|
|
V-220856
|
Medium
|
Installation options for applications are typically controlled by administrat...
|
|
V-254375
|
Medium
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-205874
|
Medium
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-253412
|
Medium
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-220858
|
Medium
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-253283
|
High
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-220726
|
High
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-254362
|
Medium
|
Data Execution Prevention provides additional protection by performing checks...
|
|
V-205830
|
Medium
|
Data Execution Prevention provides additional protection by performing checks...
|
|
V-253396
|
Medium
|
Data Execution Prevention (DEP) provides additional protection by performing ...
|
|
V-220837
|
Medium
|
Data Execution Prevention (DEP) provides additional protection by performing ...
|
|
V-254442
|
Medium
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-205648
|
Medium
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-253427
|
Medium
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-220903
|
Medium
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-254269
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205678
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254270
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205697
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254271
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205679
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254273
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205698
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253278
|
Medium
|
The "Telnet Client" is not installed by default. Some protocols and services ...
|
|
V-220721
|
Medium
|
Some protocols and services do not support required security features, such a...
|
|
V-254274
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205681
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253279
|
Medium
|
The "TFTP Client" is not installed by default. Some protocols and services do...
|
|
V-220722
|
Medium
|
Some protocols and services do not support required security features, such a...
|
|
V-254284
|
Medium
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-205857
|
Low
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-253257
|
Medium
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-220700
|
Low
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-254357
|
Low
|
Windows Update can obtain updates from additional sources instead of Microsof...
|
|
V-205870
|
Low
|
Windows Update can obtain updates from additional sources instead of Microsof...
|
|
V-253394
|
Low
|
Windows 11 allows Windows Update to obtain updates from additional sources in...
|
|
V-220835
|
Low
|
Windows 10 allows Windows Update to obtain updates from additional sources in...
|
|
V-224995
|
Medium
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where...
|
|
V-224996
|
Medium
|
Enabling this setting on all domain controllers in a domain prevents domain...
|
|
V-224997
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-224998
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-224999
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225000
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225001
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225002
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225003
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-271430
|
High
|
Weak mappings give rise to security vulnerabilities and demand hardening me...
|
|
V-225004
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225005
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225006
|
Medium
|
The krbtgt account acts as a service account for the Kerberos Key Distribut...
|
|
V-225007
|
High
|
An account that does not have Administrator duties must not have Administra...
|
|
V-225008
|
Medium
|
A compromised local administrator account can provide means for an attacker...
|
|
V-225009
|
Medium
|
The username is one part of logon credentials that could be used to gain ac...
|
|
V-225010
|
Medium
|
Unauthenticated RPC clients may allow anonymous access to sensitive informa...
|
|
V-225011
|
Medium
|
The default Windows configuration caches the last logon credentials for use...
|
|
V-225012
|
High
|
Credential Guard uses virtualization-based security to protect data that co...
|
|
V-225013
|
Medium
|
The Windows Security Account Manager (SAM) stores users' passwords. Restric...
|
|
V-225014
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225015
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225016
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225017
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225018
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225019
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225020
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225021
|
Medium
|
To ensure secure DoD websites and DoD-signed code are properly validated, t...
|
|
V-225022
|
Medium
|
To ensure users do not experience denial of service when performing certifi...
|
|
V-225023
|
Medium
|
To ensure users do not experience denial of service when performing certifi...
|
|
V-225024
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest acco...
|
|
V-225025
|
High
|
An account without a password can allow unauthorized access to a system as ...
|
|
V-225026
|
Medium
|
The built-in administrator account is a well-known account subject to attac...
|
|
V-225027
|
Medium
|
The built-in guest account is a well-known user account on all Windows syst...
|
|
V-225028
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-225029
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-225030
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-225031
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-225032
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Di...
|
|
V-225033
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Th...
|
|
V-225034
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-225035
|
Medium
|
Unattended systems are susceptible to unauthorized use and should be locked...
|
|
V-225036
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-225037
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-225038
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked. ...
|
|
V-225039
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-225040
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-225041
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) passwo...
|
|
V-225042
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-225043
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-225044
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-225045
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null se...
|
|
V-225046
|
High
|
Allowing anonymous logon users (null session connections) to list all accou...
|
|
V-225047
|
Medium
|
Access by anonymous users must be restricted. If this setting is enabled, a...
|
|
V-225048
|
High
|
Allowing anonymous access to named pipes or shares provides the potential f...
|
|
V-225093
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254383
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disall...
|
|
V-205810
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disall...
|
|
V-253420
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disall...
|
|
V-220867
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disall...
|
|
V-254382
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-205817
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-253419
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-254238
|
Medium
|
Using a privileged account to perform routine functions makes the computer vu...
|
|
V-205844
|
High
|
Using a privileged account to perform routine functions makes the computer vu...
|
|
V-254239
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-205657
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-253476
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-220952
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-254240
|
High
|
Using applications that access the internet or have potential internet source...
|
|
V-205845
|
High
|
Using applications that access the Internet or have potential Internet source...
|
|
V-253294
|
High
|
Using applications that access the internet or have potential internet source...
|
|
V-220737
|
High
|
Using applications that access the Internet or have potential Internet source...
|
|
V-254241
|
Medium
|
Backup Operators are able to read and write to any file in the system, regard...
|
|
V-205846
|
Medium
|
Backup Operators are able to read and write to any file in the system, regard...
|
|
V-253270
|
Medium
|
Backup Operators are able to read and write to any file in the system, regard...
|
|
V-220713
|
Medium
|
Backup Operators are able to read and write to any file in the system, regard...
|
|
V-254242
|
Medium
|
Application/service account passwords must be of sufficient length to prevent...
|
|
V-205661
|
Medium
|
Application/service account passwords must be of sufficient length to prevent...
|
|
V-254243
|
Medium
|
Setting application account passwords to expire may cause applications to sto...
|
|
V-205847
|
Medium
|
Setting application account passwords to expire may cause applications to sto...
|
|
V-254244
|
Medium
|
Shared accounts (accounts where two or more people log on with the same user ...
|
|
V-205699
|
Medium
|
Shared accounts (accounts where two or more people log on with the same user ...
|
|
V-254245
|
Medium
|
Using an allowlist provides a configuration management method to allow the ex...
|
|
V-205807
|
Medium
|
Using an allowlist provides a configuration management method to allow the ex...
|
|
V-253262
|
Medium
|
Utilizing an allowlist provides a configuration management method for allowin...
|
|
V-220705
|
Medium
|
Utilizing an allowlist provides a configuration management method for allowin...
|
|
V-254246
|
Medium
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-205848
|
Medium
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-253255
|
Medium
|
Credential Guard uses virtualization-based security to protect information th...
|
|
V-220698
|
Medium
|
Credential Guard uses virtualization-based security to protect information th...
|
|
V-263646
|
Medium
|
Synchronization of internal system clocks with an authoritative source provid...
|
|
V-205215
|
High
|
Applications handling data requiring "data-at-rest" protections mus...
|
|
V-205214
|
High
|
Applications handling data requiring "data at rest" protections mus...
|
|
V-205216
|
High
|
Without protection of the transmitted information, confidentiality and integr...
|
|
V-263645
|
Medium
|
Time synchronization of system clocks is essential for the correct execution ...
|
|
V-263644
|
Medium
|
A Trusted Platform Module (TPM) is an example of a hardware-protected data st...
|
|
V-263643
|
Medium
|
Public key infrastructure (PKI) certificates are certificates with visibility...
|
|
V-263642
|
Medium
|
Nonlocal maintenance and diagnostic activities are conducted by individuals w...
|
|
V-263641
|
Medium
|
Public key cryptography is a valid authentication mechanism for individuals, ...
|
|
V-263640
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263639
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263638
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263637
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263636
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263635
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263634
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263633
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263632
|
Medium
|
Password-based authentication applies to passwords regardless of whether they...
|
|
V-263631
|
Medium
|
The purpose of requiring a device that is separate from the system to which t...
|
|
V-263630
|
Medium
|
The purpose of requiring a device that is separate from the system to which t...
|
|
V-263629
|
Medium
|
Individual authentication prior to shared group authentication mitigates the ...
|
|
V-263628
|
Medium
|
Software and firmware components prevented from installation unless signed wi...
|
|
V-263627
|
Medium
|
Organizations log system accesses associated with applying configuration chan...
|
|
V-263626
|
Medium
|
Audit information includes all information needed to successfully audit syste...
|
|
V-263625
|
Medium
|
Automated mechanisms for centralized reviews and analyses include Security In...
|
|
V-263624
|
Medium
|
Disabling expired, inactive, or otherwise anomalous accounts supports the con...
|
|
V-263623
|
Medium
|
Disabling expired, inactive, or otherwise anomalous accounts supports the con...
|
|
V-220317
|
Medium
|
In addition to network-based dispersion, authoritative name servers should be...
|
|
V-220316
|
Medium
|
To enable zone transfer (requests and responses) through authenticated messag...
|
|
V-205253
|
Medium
|
Configuration settings are the set of parameters that can be changed that aff...
|
|
V-205252
|
Medium
|
The use of CNAME records for exercises, tests, or zone-spanning aliases shoul...
|
|
V-205251
|
Medium
|
If a name server were able to claim authority for a resource record in a doma...
|
|
V-205250
|
Medium
|
The private keys in the KSK and ZSK key pairs must be protected from unauthor...
|
|
V-205249
|
Medium
|
The private keys in the KSK and ZSK key pairs must be protected from unauthor...
|
|
V-205248
|
Medium
|
OS configuration practices as issued by the US Computer Emergency Response Te...
|
|
V-205247
|
Medium
|
OS configuration practices as issued by the US Computer Emergency Response Te...
|
|
V-205246
|
Medium
|
A hidden master authoritative server is an authoritative DNS server whose IP ...
|
|
V-205245
|
Medium
|
Failure to provide logical access restrictions associated with changes to app...
|
|
V-205244
|
Medium
|
Each newer version of the name server software, especially the BIND software,...
|
|
V-205243
|
Medium
|
All caching name servers must be authoritative for the root zone because, wit...
|
|
V-205242
|
Medium
|
DNS servers with an internal role only process name/address resolution reques...
|
|
V-205241
|
Medium
|
Discretionary Access Control (DAC) is based on the premise that individual us...
|
|
V-205240
|
Medium
|
Any DNS implementation must be designed to be able to conform to the Internet...
|
|
V-205239
|
Medium
|
Authoritative name servers (especially primary name servers) should be config...
|
|
V-205238
|
Medium
|
Instead of having the same set of authoritative name servers serve different ...
|
|
V-205237
|
Medium
|
Instead of having the same set of authoritative name servers serve different ...
|
|
V-205236
|
Medium
|
Authoritative name servers for an enterprise may be configured to receive req...
|
|
V-205235
|
Medium
|
The choice of digital signature algorithm will be based on recommended algori...
|
|
V-205234
|
Medium
|
The specification for a digital signature mechanism in the context of the DNS...
|
|
V-205233
|
Medium
|
The only protection approach for content control of DNS zone file is the use ...
|
|
V-205232
|
Medium
|
Most enterprises have an authoritative primary server and a host of authorita...
|
|
V-205231
|
Medium
|
To enable zone transfer (requests and responses) through authenticated messag...
|
|
V-205230
|
Medium
|
Poorly constructed NS records pose a security risk because they create condit...
|
|
V-205229
|
Medium
|
To ensure that RRs associated with a query are really missing in a zone file ...
|
|
V-205228
|
Medium
|
The best way for a zone administrator to minimize the impact of a key comprom...
|
|
V-205227
|
Medium
|
NSEC3 RRs contain other options than just the (hashed) next name and RRType b...
|
|
V-205226
|
Medium
|
Use of weak or untested encryption algorithms undermines the purposes of util...
|
|
V-205225
|
Medium
|
Auditing and logging are key components of any security architecture. It is e...
|
|
V-205224
|
Medium
|
Auditing and logging are key components of any security architecture. It is e...
|
|
V-205223
|
Medium
|
Security function is defined as the hardware, software, and/or firmware of th...
|
|
V-205222
|
Medium
|
Security function is defined as the hardware, software, and/or firmware of th...
|
|
V-205221
|
Medium
|
Failing to an unsecure condition negatively impacts application security and ...
|
|
V-205220
|
Medium
|
A common vulnerability of applications is unpredictable behavior when invalid...
|
|
V-205219
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-205218
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-205217
|
Medium
|
Encrypting information for transmission protects information from unauthorize...
|
|
V-205213
|
Medium
|
Untrusted Certificate Authorities (CA) can issue certificates, but they may b...
|
|
V-205212
|
Medium
|
If data origin authentication and data integrity verification are not perform...
|
|
V-205211
|
Medium
|
If data origin authentication and data integrity verification are not perform...
|
|
V-205210
|
Medium
|
If data origin authentication and data integrity verification are not perform...
|
|
V-205209
|
Medium
|
If data origin authentication and data integrity verification are not perform...
|
|
V-205208
|
Medium
|
The major threat associated with DNS forged responses or failures is the inte...
|
|
V-205207
|
Medium
|
The major threat associated with DNS forged responses or failures is the inte...
|
|
V-205206
|
Medium
|
The major threat associated with DNS forged responses or failures is the inte...
|
|
V-205205
|
Medium
|
Without configuring a local cache of revocation data, there is the potential ...
|
|
V-205204
|
Medium
|
Without authenticating devices, unidentified or unknown devices may be introd...
|
|
V-205203
|
Medium
|
Without authenticating devices, unidentified or unknown devices may be introd...
|
|
V-205201
|
Medium
|
A potential vulnerability of DNS is that an attacker can poison a name server...
|
|
V-205199
|
Medium
|
Failing to act on the validation errors may result in the use of invalid, cor...
|
|
V-205198
|
Medium
|
Validation of the binding of the information prevents the modification of inf...
|
|
V-205197
|
Medium
|
Without a means for identifying the individual that produced the information,...
|
|
V-205196
|
Medium
|
Weakly bound credentials can be modified without invalidating the credential;...
|
|
V-205193
|
Medium
|
Security function is defined as the hardware, software, and/or firmware of th...
|
|
V-205192
|
Medium
|
Predictable failure prevention requires organizational planning to address sy...
|
|
V-205191
|
Medium
|
Invalid user input occurs when a user inserts data or characters into an appl...
|
|
V-205190
|
Medium
|
A DoS is a condition when a resource is not available for legitimate users. W...
|
|
V-205189
|
Medium
|
A DoS is a condition where a resource is not available for legitimate users. ...
|
|
V-205188
|
Medium
|
Preventing unauthorized information transfers mitigates the risk of informati...
|
|
V-205187
|
Medium
|
Information at rest refers to the state of information when it is located on ...
|
|
V-205186
|
Medium
|
Failure to a known state can address safety or security in accordance with th...
|
|
V-205185
|
Medium
|
Failure to a known safe state helps prevent systems from failing to a state t...
|
|
V-205184
|
Medium
|
The underlying feature in the major threat associated with DNS query/response...
|
|
V-205183
|
Medium
|
DNS is a fundamental network service that is prone to various attacks, such a...
|
|
V-205182
|
Medium
|
DNS is a fundamental network service that is prone to various attacks, such a...
|
|
V-205180
|
Medium
|
If name server replies are invalid or cannot be validated, many networking fu...
|
|
V-205179
|
Medium
|
A mechanism to detect and prevent unauthorized communication flow must be con...
|
|
V-205178
|
Medium
|
The best way for a zone administrator to minimize the impact of a key comprom...
|
|
V-205177
|
Medium
|
If name server replies are invalid or cannot be validated, many networking fu...
|
|
V-205176
|
Medium
|
The underlying feature in the major threat associated with DNS query/response...
|
|
V-205175
|
Medium
|
If maintenance tools are used by unauthorized personnel, they may accidentall...
|
|
V-205174
|
Medium
|
Security-relevant information is any information within information systems t...
|
|
V-205173
|
Medium
|
The private keys in the KSK and ZSK key pairs must be protected from unauthor...
|
|
V-205172
|
Medium
|
To enable zone transfer (requests and responses) through authenticated messag...
|
|
V-205171
|
Medium
|
To enable zone transfer (requests and responses) through authenticated messag...
|
|
V-205170
|
Medium
|
The cornerstone of the PKI is the private key used to encrypt or digitally si...
|
|
V-205169
|
Medium
|
Without identifying devices, unidentified or unknown devices may be introduce...
|
|
V-205168
|
Medium
|
In order to prevent unauthorized connection of devices, unauthorized transfer...
|
|
V-205167
|
Medium
|
Protection of log data includes assuring log data is not accidentally lost or...
|
|
V-205166
|
Medium
|
Without information that establishes the identity of the subjects (i.e., user...
|
|
V-205165
|
Medium
|
Without information about the outcome of events, security personnel cannot ma...
|
|
V-205164
|
Medium
|
Without establishing the source of the event, it is impossible to establish, ...
|
|
V-205163
|
Medium
|
Without establishing where events occurred, it is impossible to establish, co...
|
|
V-205162
|
Medium
|
Without establishing when events occurred, it is impossible to establish, cor...
|
|
V-205161
|
Medium
|
Auditing and logging are key components of any security architecture. It is e...
|
|
V-205160
|
Medium
|
Without the capability to generate audit records, it would be difficult to es...
|
|
V-205159
|
Medium
|
Without the capability to generate audit records, it would be difficult to es...
|
|
V-205158
|
Medium
|
Limiting the number of concurrent sessions reduces the risk of Denial of Serv...
|
|
V-205157
|
Medium
|
Limiting the number of concurrent sessions reduces the risk of Denial of Serv...
|
|
V-253256
|
Medium
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-254283
|
Medium
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-205856
|
Low
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-220699
|
Medium
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-254325
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205777
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254326
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205778
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254303
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205625
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253308
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220750
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254304
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205626
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253310
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220752
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254305
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205627
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253309
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220751
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254306
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205839
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254310
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205834
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253314
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220756
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254311
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205838
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253315
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220757
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254312
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205634
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253317
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220759
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254313
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205635
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253316
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220758
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254314
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205835
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253318
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220760
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254315
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205836
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253321
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220763
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254316
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205837
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253322
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220764
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254318
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205841
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253323
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220765
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254319
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205771
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253325
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220767
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254320
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205772
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254321
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205773
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253326
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220768
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254322
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205774
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253327
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220769
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254323
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205775
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253329
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220771
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254324
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205776
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253328
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220770
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254327
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205779
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253331
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220773
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254328
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205780
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253332
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220774
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254329
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205781
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253333
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220775
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254330
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205782
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253334
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220776
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254331
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205783
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253336
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220778
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254332
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205784
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253335
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220777
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254302
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205769
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254300
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205832
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253307
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220749
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254301
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205833
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253306
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220748
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254407
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205628
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254408
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205791
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254410
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205793
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254307
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205770
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253312
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220754
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254309
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205730
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253313
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-220755
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254356
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-257503
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-253415
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-252896
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254384
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-218786
|
Medium
|
Internet Information Services (IIS) on Windows Server 2012 provides basic l...
|
|
V-218788
|
Medium
|
Web server logging capability is critical for accurate forensic analysis. W...
|
|
V-218789
|
Medium
|
Web server logging capability is critical for accurate forensic analysis. W...
|
|
V-218790
|
Medium
|
A major tool in exploring the website use, attempted use, unusual condition...
|
|
V-218791
|
Medium
|
Protection of log data includes ensuring log data is not accidentally lost ...
|
|
V-218792
|
Medium
|
User management and authentication can be an essential part of any applicat...
|
|
V-218793
|
Medium
|
A web server can provide many features, services, and processes. Some of th...
|
|
V-218794
|
Medium
|
A web server should be primarily a web server or a proxy server but not bot...
|
|
V-218795
|
High
|
Web server documentation, sample code, example applications, and tutorials ...
|
|
V-218796
|
Medium
|
Accounts used for web server features such as documentation, sample code, e...
|
|
V-218797
|
Medium
|
Just as running unneeded services and protocols is a danger to the web serv...
|
|
V-218798
|
Medium
|
Controlling what a user of a hosted application can access is part of the s...
|
|
V-218799
|
Medium
|
A web server can be installed with functionality that by its nature is not ...
|
|
V-218801
|
Medium
|
Mobile code in hosted applications allows the developer to add functionalit...
|
|
V-218802
|
High
|
As a rule, accounts on a web server are to be kept to a minimum. Only admin...
|
|
V-218803
|
Medium
|
The separation of user functionality from web server management can be acco...
|
|
V-218804
|
Medium
|
Cookies are used to exchange data between the web server and the client. Co...
|
|
V-218805
|
Medium
|
ASP.NET provides a session state, which is available as the HttpSessionStat...
|
|
V-218806
|
Medium
|
Making certain that the web server has not been updated by an unauthorized ...
|
|
V-218807
|
Medium
|
The Machine Key element of the ASP.NET web.config specifies the algorithm a...
|
|
V-218808
|
Medium
|
Directory browsing allows the contents of a directory to be displayed upon ...
|
|
V-218809
|
Medium
|
The indexing service can be used to facilitate a search function for websit...
|
|
V-218810
|
Medium
|
HTTP error pages contain information that could enable an attacker to gain ...
|
|
V-218812
|
Medium
|
Remote access to the web server is any access that communicates through an ...
|
|
V-218813
|
Medium
|
During an attack on the web server or any of the hosted applications, the s...
|
|
V-218814
|
Medium
|
This check verifies the key web server system configuration files are owned...
|
|
V-218815
|
Medium
|
To ensure the logging mechanism used by the web server has sufficient stora...
|
|
V-218816
|
Medium
|
A web server can be modified through parameter modification, patch installa...
|
|
V-218817
|
Medium
|
Web servers provide numerous processes, features, and functionalities that ...
|
|
V-218818
|
Medium
|
The use of IPP on an IIS web server allows client access to shared printers...
|
|
V-218819
|
Medium
|
A Denial of Service (DoS) can occur when the web server is overwhelmed and ...
|
|
V-218820
|
Medium
|
The HTTP protocol is a stateless protocol. To maintain a session, a session...
|
|
V-218821
|
High
|
TLS encryption is a required security setting for a private web server. Enc...
|
|
V-218822
|
Medium
|
TLS is a required transmission protocol for a web server hosting controlled...
|
|
V-218823
|
High
|
During installation of the web server software, accounts are created for th...
|
|
V-218824
|
Medium
|
By allowing unspecified file extensions to execute, the web server's attack ...
|
|
V-218825
|
Medium
|
Authorization rules can be configured at the server, website, folder (inclu...
|
|
V-228572
|
Medium
|
Anonymous SMTP relays are strictly prohibited. An anonymous SMTP relay can ...
|
|
V-218826
|
Medium
|
Resource exhaustion can occur when an unlimited number of concurrent reques...
|
|
V-218827
|
Low
|
HTTP Strict Transport Security (HSTS) ensures browsers always connect to a ...
|
|
V-241789
|
Low
|
HTTP Response Headers contain information that could enable an attacker to ...
|
|
V-268325
|
Medium
|
Security scans show Request Smuggling vulnerability on IIS server. The vulne...
|
|
V-268420
|
Medium
|
Apple Watches are not an approved authenticator and their use must be disab...
|
|
V-268421
|
Medium
|
Users must authenticate when unlocking the screen saver. The screen saver ac...
|
|
V-268434
|
Medium
|
If FileVault is enabled, automatic login must be disabled so that both File...
|
|
V-268435
|
Medium
|
If SSHD is enabled, it must be configured with the Client Alive Interval se...
|
|
V-268436
|
Medium
|
If SSHD is enabled, it must be configured with the Client Alive Maximum Cou...
|
|
V-268437
|
Medium
|
If SSHD is enabled, it must be configured to wait only 30 seconds before ti...
|
|
V-268438
|
High
|
If SSHD is enabled, it must be configured to limit the Ciphers, HostbasedAc...
|
|
V-268440
|
Medium
|
The macOS system must be configured to enforce a lockout time of at least 1...
|
|
V-268441
|
Medium
|
The screen saver timeout must be set to 900 seconds or a shorter length of ...
|
|
V-268442
|
Medium
|
The ability to log in to another user's active or locked session must be di...
|
|
V-268443
|
Medium
|
To assure individual accountability and prevent unauthorized access, loggin...
|
|
V-268444
|
Medium
|
SSH must be configured with an Active Server Alive Maximum Count set to 900...
|
|
V-268445
|
Medium
|
If SSHD is enabled, it must be configured with session ChannelTimeout set t...
|
|
V-268446
|
Medium
|
If SSHD is enabled, it must be configured with unused connection timeout se...
|
|
V-268447
|
Medium
|
SSH must be configured with an Active Server Alive Maximum Count set to 0. ...
|
|
V-268448
|
Medium
|
Auto logout must be configured to automatically terminate a user session an...
|
|
V-268449
|
Medium
|
An approved time server must be the only server configured for use. As of m...
|
|
V-268439
|
High
|
SSH must be configured to limit the Ciphers, HostbasedAcceptedAlgorithms, H...
|
|
V-268450
|
Medium
|
The macOS time synchronization daemon (timed) must be enabled for proper ti...
|
|
V-268451
|
Medium
|
Sudo must be configured to log privilege escalation. Without logging privile...
|
|
V-268452
|
Medium
|
The auditing system must be configured to flag administrative action (ad) e...
|
|
V-268453
|
Medium
|
The audit system must be configured to record all attempts to log in and ou...
|
|
V-268454
|
Medium
|
The information system must be configured to generate audit records. Audit r...
|
|
V-268455
|
Medium
|
The audit service must be configured to shut down the computer if it is una...
|
|
V-268456
|
Medium
|
Audit log files must be owned by root. The audit service must be configured ...
|
|
V-268457
|
Medium
|
Audit log folders must be owned by root. The audit service must be configure...
|
|
V-268458
|
Medium
|
Audit log files must have the group set to wheel. The audit service must be ...
|
|
V-268459
|
Medium
|
Audit log files must have the group set to wheel. The audit service must be ...
|
|
V-268460
|
Medium
|
The audit service must be configured to create log files that are readable ...
|
|
V-268461
|
Medium
|
The audit log folder must be configured to mode 700 or less permissive so t...
|
|
V-268462
|
Medium
|
The audit system must be configured to record enforcement actions of attemp...
|
|
V-268463
|
Medium
|
The audit system must be configured to record enforcement actions of attemp...
|
|
V-268464
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-268465
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-269094
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-268467
|
Low
|
The audit service must be configured to require that records be kept for an...
|
|
V-268468
|
Medium
|
The audit service must be configured to notify the system administrator whe...
|
|
V-268469
|
Medium
|
The audit service must be configured to immediately print messages to the c...
|
|
V-268470
|
Medium
|
The auditing system must be configured to flag authorization and authentica...
|
|
V-268471
|
Medium
|
The macOS system must be configured to block access to users who are no lon...
|
|
V-268472
|
Medium
|
If SSH is enabled to ensure individual accountability and prevent unauthori...
|
|
V-268473
|
Medium
|
/etc/security/audit_control must have the group set to wheel. The audit serv...
|
|
V-268474
|
Medium
|
/etc/security/audit_control must have the owner set to root. The audit servi...
|
|
V-268475
|
Medium
|
/etc/security/audit_control must be configured so that it is readable only ...
|
|
V-269095
|
Medium
|
/etc/security/audit_control must not contain ACLs. /etc/security/audit_contr...
|
|
V-268477
|
High
|
If remote login through SSH is enabled, password-based authentication must ...
|
|
V-268478
|
Medium
|
Support for SMB file sharing is nonessential and must be disabled. The infor...
|
|
V-268479
|
Medium
|
Support for NFS services is nonessential and, therefore, must be disabled. ...
|
|
V-268480
|
Medium
|
Location Services must be disabled. The information system must be configure...
|
|
V-268481
|
Medium
|
Bonjour multicast advertising must be disabled to prevent the system from b...
|
|
V-268482
|
Medium
|
The system must not have the UUCP service active. UUCP, a set of programs th...
|
|
V-268483
|
Medium
|
If the system does not require Internet Sharing, support for it is nonessen...
|
|
V-268484
|
Medium
|
The built-in web server is a nonessential service built into macOS and must...
|
|
V-268485
|
Medium
|
AirDrop must be disabled to prevent file transfers to or from unauthorized ...
|
|
V-268486
|
Medium
|
The macOS built-in FaceTime.app must be disabled. The FaceTime.app establish...
|
|
V-268487
|
Medium
|
The macOS built-in Calendar.app connection to Apple's iCloud service must b...
|
|
V-268488
|
Medium
|
The macOS built-in Reminders.app connection to Apple's iCloud service must ...
|
|
V-268489
|
Medium
|
The macOS built-in Contacts.app connection to Apple's iCloud service must b...
|
|
V-268490
|
Medium
|
The macOS built-in Mail.app connection to Apple's iCloud service must be di...
|
|
V-268491
|
Medium
|
The macOS built-in Notes.app connection to Apple's iCloud service must be d...
|
|
V-268492
|
Medium
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-268493
|
Medium
|
Support for Siri is nonessential and must be disabled. The information syste...
|
|
V-268494
|
Medium
|
The ability to submit diagnostic data to Apple must be disabled. The informa...
|
|
V-268495
|
Medium
|
If the system does not require Remote Apple Events, support for Apple Remot...
|
|
V-269096
|
Medium
|
The ability for Apple to store and review audio recordings and transcripts ...
|
|
V-269566
|
Medium
|
Sending data to Apple to help improve search must be disabled. The informati...
|
|
V-268496
|
Medium
|
The prompt for Apple ID setup during Setup Assistant must be disabled. macOS...
|
|
V-268497
|
Medium
|
The prompt for Privacy Setup services during Setup Assistant must be disabl...
|
|
V-268498
|
Medium
|
The prompt to set up iCloud storage services during Setup Assistant must be...
|
|
V-268499
|
High
|
If the system does not require TFTP support, it is nonessential and must be...
|
|
V-268500
|
Medium
|
The prompt for Siri during Setup Assistant must be disabled. Organizations m...
|
|
V-268501
|
Medium
|
The macOS system's ability to automatically synchronize a user's passwords ...
|
|
V-268502
|
Medium
|
The macOS built-in iCloud document synchronization service must be disabled...
|
|
V-268503
|
Medium
|
The macOS built-in Safari.app bookmark synchronization via the iCloud servi...
|
|
V-268504
|
Medium
|
The macOS built-in Photos.app connection to Apple's iCloud service must be ...
|
|
V-268505
|
Medium
|
Support for both Screen Sharing and Apple Remote Desktop is nonessential an...
|
|
V-268506
|
Medium
|
The System Settings pane for Wallet and Apple Pay must be disabled. Disablin...
|
|
V-268507
|
Medium
|
The System Settings pane for Siri must be hidden. Hiding the System Settings...
|
|
V-268508
|
High
|
The information system implements cryptographic mechanisms to authenticate ...
|
|
V-268509
|
High
|
The macOS system must be configured to disable Bluetooth unless an approved...
|
|
V-268510
|
Medium
|
Guest access must be disabled. Turning off guest access prevents anonymous u...
|
|
V-268511
|
High
|
Gatekeeper must be enabled. Gatekeeper is a security feature that ensures th...
|
|
V-268512
|
High
|
Automatic login must be disabled. When automatic logins are enabled, the def...
|
|
V-268513
|
Medium
|
The system must be configured to prevent access to other users' home folder...
|
|
V-268514
|
High
|
The system must be configured to require an administrator password to modif...
|
|
V-268515
|
Medium
|
Airplay Receiver allows users to send content from one Apple device to be d...
|
|
V-268516
|
Medium
|
TouchID enables the ability to unlock a Mac system with a user's fingerprin...
|
|
V-268517
|
Medium
|
Media Sharing must be disabled. When Media Sharing is enabled, the computer ...
|
|
V-268518
|
Medium
|
Bluetooth Sharing must be disabled. Bluetooth Sharing allows users to wirele...
|
|
V-268519
|
Medium
|
The system must disable Account Modification. Account Modification includes...
|
|
V-268521
|
Medium
|
Content Caching must be disabled. Content Caching is a macOS service that he...
|
|
V-268522
|
Medium
|
The macOS system's ability to automatically synchronize a user's Desktop an...
|
|
V-268523
|
Medium
|
This works only with supervised devices (mobile device management [MDM]) an...
|
|
V-268524
|
Medium
|
Enterprise networks may be required to audit all network traffic by policy;...
|
|
V-268525
|
Medium
|
The Find My service must be disabled. A Mobile Device Management (MDM) solut...
|
|
V-268526
|
Medium
|
Ad tracking and targeted ads must be disabled. The information system must b...
|
|
V-268527
|
Medium
|
The ability for Apple to store and review audio of Siri and Dictation inter...
|
|
V-268528
|
Medium
|
Dictation must be restricted to On Device Only to prevent potential data ex...
|
|
V-268529
|
Medium
|
Dictation must be disabled on Intel-based Macs as the feature On Device Dic...
|
|
V-268530
|
Medium
|
Printer Sharing must be disabled.
|
|
V-268531
|
Medium
|
Remote Management must be disabled.
|
|
V-268532
|
Medium
|
The Bluetooth System Setting pane must be disabled to prevent access to the...
|
|
V-268533
|
Medium
|
The macOS built-in Freeform.app connection to Apple's iCloud service must b...
|
|
V-272477
|
Medium
|
iPhone Mirroring must be disabled to prevent file transfers to or from unau...
|
|
V-268534
|
Medium
|
The organization must issue or obtain public key certificates from an organ...
|
|
V-268535
|
Medium
|
The macOS must be configured to require at least one numeric character be u...
|
|
V-268536
|
Medium
|
The macOS must be configured to enforce a maximum password lifetime limit o...
|
|
V-268537
|
Medium
|
The macOS must be configured to require that a minimum of 14 characters be ...
|
|
V-268538
|
Medium
|
The macOS must be configured to require that at least one special character...
|
|
V-268539
|
Medium
|
Password hints must be disabled. Password hints leak information about passw...
|
|
V-268540
|
Medium
|
A firmware password must be enabled and set. Single user mode, recovery mode...
|
|
V-268541
|
Medium
|
User accounts must not contain password hints. Password hints leak informati...
|
|
V-268542
|
Medium
|
Smart card authentication must be enforced. The use of smart card credential...
|
|
V-268543
|
Medium
|
Smart card authentication must be allowed. The use of smart card credentials...
|
|
V-268544
|
Medium
|
The system must be configured to enforce multifactor authentication. All use...
|
|
V-268545
|
Medium
|
The system must be configured such that, when the su command is used, multi...
|
|
V-268546
|
Medium
|
The system must be configured to enforce multifactor authentication when th...
|
|
V-268547
|
Medium
|
The macOS must be configured to require that at least one lowercase charact...
|
|
V-268548
|
Medium
|
The macOS must be configured to enforce a minimum password lifetime limit o...
|
|
V-268549
|
Medium
|
The macOS must be configured to disable accounts after 35 days of inactivit...
|
|
V-268550
|
Medium
|
The Apple System Logs must be owned by root. ASLs contain sensitive data abo...
|
|
V-268551
|
Medium
|
The Apple System Logs must be configured to be writable by root and readabl...
|
|
V-274881
|
Medium
|
The file /etc/sudoers must include a timestamp_timeout of 0. Without reauthen...
|
|
V-268552
|
Medium
|
The system log files must be owned by root. System logs contain sensitive da...
|
|
V-268553
|
Medium
|
The system logs must be configured to be writable by root and readable only...
|
|
V-268554
|
Low
|
The install.log must be configured to require that records be kept for an o...
|
|
V-274880
|
Medium
|
The file /etc/sudoers must be configured to not include a timestamp_type of...
|
|
V-268555
|
High
|
System Integrity Protection is vital to protecting the integrity of the sys...
|
|
V-268556
|
High
|
The information system implements cryptographic mechanisms to protect the c...
|
|
V-268557
|
Medium
|
The macOS Application Firewall is the built-in firewall that comes with mac...
|
|
V-268558
|
Medium
|
The login window must be configured to prompt all users for both a username...
|
|
V-268559
|
Medium
|
The prompt for TouchID during Setup Assistant must be disabled. macOS prompt...
|
|
V-268560
|
Medium
|
The prompt for Screen Time setup during Setup Assistant must be disabled. E...
|
|
V-268561
|
Medium
|
The prompt for Apple Watch unlock setup during Setup Assistant must be disa...
|
|
V-268562
|
Medium
|
Handoff must be disabled. Handoff allows users to continue working on a docu...
|
|
V-268563
|
Medium
|
Proximity-based password sharing requests must be disabled. The default beha...
|
|
V-268564
|
Medium
|
Erase Content and Settings must be disabled. Without disabling the Erase Con...
|
|
V-268565
|
Medium
|
Authenticated Root must be enabled. When Authenticated Root is enabled, the ...
|
|
V-268566
|
Medium
|
Users must not be allowed to install software into /users/. Allowing regular...
|
|
V-268567
|
Medium
|
USB devices connected to a Mac must be authorized. IMPORTANT: This featu...
|
|
V-268568
|
Medium
|
The Secure Boot security setting must be set to "full". Full security is the...
|
|
V-268569
|
Medium
|
Users must enroll their Mac in MDM software. User Approved MDM (UAMDM) enrol...
|
|
V-268570
|
Medium
|
A Recovery Lock password must be enabled and set. Single user mode, recovery...
|
|
V-268571
|
Medium
|
Software Update must be configured to update XProtect Remediator and Gateke...
|
|
V-268572
|
Medium
|
Apple Intelligence features that use off-device Artificial Intelligence (AI...
|
|
V-268573
|
Medium
|
Apple Intelligence features that use off-device artificial intelligence mus...
|
|
V-268574
|
Medium
|
Apple Intelligence features that use off device Artificial Intelligence mus...
|
|
V-268575
|
Medium
|
Security flaws with operating systems are discovered daily. Vendors are con...
|
|
V-254455
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-205824
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-253443
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-220919
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-254409
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-205792
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254459
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked. ...
|
|
V-253448
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked. ...
|
|
V-220924
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked. ...
|
|
V-254472
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-205918
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-253459
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-220935
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-225051
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-254480
|
Medium
|
This setting ensures the system uses algorithms that are FIPS-compliant for...
|
|
V-205842
|
Medium
|
This setting ensures the system uses algorithms that are FIPS-compliant for...
|
|
V-253466
|
Medium
|
This setting ensures that the system uses algorithms that are FIPS-complian...
|
|
V-220942
|
Medium
|
This setting ensures that the system uses algorithms that are FIPS-complian...
|
|
V-225059
|
Medium
|
This setting ensures the system uses algorithms that are FIPS-compliant for...
|
|
V-254490
|
Medium
|
Attachments from outside sources may contain malicious code. Preserving zon...
|
|
V-205924
|
Medium
|
Attachments from outside sources may contain malicious code. Preserving zon...
|
|
V-253478
|
Medium
|
Preserving zone of origin (internet, intranet, local, restricted) informati...
|
|
V-220955
|
Medium
|
Preserving zone of origin (internet, intranet, local, restricted) informati...
|
|
V-225069
|
Medium
|
Attachments from outside sources may contain malicious code. Preserving zon...
|
|
V-271426
|
Medium
|
Active Directory domain services elevation of privilege vulnerability could...
|
|
V-271428
|
Medium
|
Active Directory domain services elevation of privilege vulnerability could...
|
|
V-254417
|
Medium
|
Enabling this setting on all domain controllers in a domain prevents domain...
|
|
V-225073
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254337
|
Low
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-205860
|
Low
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-220797
|
Low
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-254338
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-205819
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-253356
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-220798
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-254481
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-205923
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-253467
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-220943
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-225060
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-254458
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-205632
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-253446
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-220922
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-254363
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-205871
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-253397
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-220838
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-254465
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-205913
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-253452
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-220928
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-254492
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205750
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253481
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220958
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225071
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254496
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205753
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253486
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220963
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225091
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254418
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205665
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225049
|
Medium
|
Services using Local System that use Negotiate when reverting to NTLM authe...
|
|
V-225050
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) sessi...
|
|
V-225052
|
Medium
|
Certain encryption types are no longer considered secure. The DES and RC4 e...
|
|
V-225053
|
High
|
The LAN Manager hash uses a weak encryption algorithm and there are several...
|
|
V-225054
|
High
|
The Kerberos v5 authentication protocol is the default for authentication o...
|
|
V-225055
|
Medium
|
This setting controls the signing requirements for LDAP clients. This must ...
|
|
V-225056
|
Medium
|
Microsoft has implemented a variety of security support providers for use w...
|
|
V-225057
|
Medium
|
Microsoft has implemented a variety of security support providers for use w...
|
|
V-225058
|
Medium
|
If the private key is discovered, an attacker can use the key to authentica...
|
|
V-225061
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225062
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225063
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225064
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225065
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225066
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225067
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225068
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-225070
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225072
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225074
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225076
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225077
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225078
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225079
|
High
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225080
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225081
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225082
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225083
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225084
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225085
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225086
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225087
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225088
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225089
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225092
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254282
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-253290
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-220733
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-205855
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs fo...
|
|
V-254420
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205666
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254386
|
Medium
|
This policy setting determines whether the Kerberos Key Distribution Center...
|
|
V-205702
|
Medium
|
This policy setting determines whether the Kerberos Key Distribution Center...
|
|
V-254387
|
Medium
|
This setting determines the maximum amount of time (in minutes) that a gran...
|
|
V-205703
|
Medium
|
This setting determines the maximum amount of time (in minutes) that a gran...
|
|
V-254388
|
Medium
|
In Kerberos, there are two types of tickets: Ticket Granting Tickets (TGTs)...
|
|
V-205704
|
Medium
|
In Kerberos, there are two types of tickets: Ticket Granting Tickets (TGTs)...
|
|
V-277982
|
Medium
|
Security flaws with operating systems are discovered daily. Vendors are con...
|
|
V-277983
|
Medium
|
Hardware components provide the foundation for organizational systems and t...
|
|
V-277985
|
Medium
|
Using a privileged account to perform routine functions makes the computer ...
|
|
V-277986
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-277987
|
High
|
Using applications that access the internet or have potential internet sour...
|
|
V-277988
|
Medium
|
Backup Operators are able to read and write to any file in the system, rega...
|
|
V-277989
|
Medium
|
Application/service account passwords must be of sufficient length to preve...
|
|
V-277990
|
Medium
|
Setting application account passwords to expire may cause applications to s...
|
|
V-277991
|
Medium
|
Shared accounts (accounts where two or more people log on with the same use...
|
|
V-277992
|
Medium
|
Using an allowlist provides a configuration management method to allow the ...
|
|
V-277993
|
Medium
|
Credential Guard uses virtualization-based security to protect data that co...
|
|
V-277995
|
Medium
|
Malicious software can establish a base on individual desktops and servers....
|
|
V-277996
|
Medium
|
A properly configured host-based intrusion detection system (HIDS) or host-...
|
|
V-277997
|
High
|
The ability to set access permissions and auditing is critical to maintaini...
|
|
V-277998
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-277999
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-278000
|
Medium
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-278001
|
Medium
|
The registry is integral to the function, security, and stability of the Wi...
|
|
V-278002
|
Low
|
Windows shares are a means by which files, folders, printers, and other res...
|
|
V-278003
|
Medium
|
Outdated or unused accounts provide penetration points that may go undetect...
|
|
V-278004
|
Medium
|
The lack of password protection enables anyone to gain access to the inform...
|
|
V-278005
|
Medium
|
Passwords that do not expire or are reused increase the exposure of a passw...
|
|
V-278006
|
Medium
|
Monitoring system files for changes against a baseline on a regular basis m...
|
|
V-278007
|
Medium
|
Shares on a system provide network access. To prevent exposing sensitive in...
|
|
V-278008
|
Medium
|
Use of software certificates and their accompanying installation files for ...
|
|
V-278009
|
Medium
|
This requirement addresses protection of user-generated data as well as ope...
|
|
V-278010
|
Medium
|
Information can be either unintentionally or maliciously disclosed or modif...
|
|
V-278011
|
Medium
|
Unnecessary roles and features increase the attack surface of a system. Lim...
|
|
V-278012
|
Medium
|
A firewall provides a line of defense against attack, allowing or blocking ...
|
|
V-278013
|
Medium
|
If temporary user accounts remain active when no longer needed or for an ex...
|
|
V-278014
|
Medium
|
Emergency administrator accounts are privileged accounts established in res...
|
|
V-278015
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278016
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278017
|
Medium
|
Unnecessary connections could increase the attack surface of a system. Some...
|
|
V-278018
|
Medium
|
Unnecessary applications and/or services such as Bluetooth could allow an a...
|
|
V-278019
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278020
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278021
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278022
|
Medium
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-278023
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-278024
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-278025
|
Medium
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-278026
|
Medium
|
Windows PowerShell 5.x added advanced logging features that can provide add...
|
|
V-278027
|
Medium
|
The FTP service allows remote users to access shared files and directories....
|
|
V-278028
|
Medium
|
The FTP service allows remote users to access shared files and directories ...
|
|
V-278029
|
Low
|
The Windows Time Service controls time synchronization settings. Time synch...
|
|
V-278030
|
Medium
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-278031
|
Medium
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-278032
|
Medium
|
Secure Boot is a standard that ensures systems boot only to a trusted opera...
|
|
V-278033
|
Medium
|
When enabled, the account lockout feature prevents brute-force password att...
|
|
V-278034
|
Medium
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-278035
|
Medium
|
When enabled, the account lockout feature prevents brute-force password att...
|
|
V-278036
|
Medium
|
A system is more vulnerable to unauthorized access when system users recycl...
|
|
V-278037
|
Medium
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-278038
|
Medium
|
Permitting passwords to be changed in immediate succession within the same ...
|
|
V-278039
|
Medium
|
The use of complex passwords increases their strength against attack. The b...
|
|
V-278040
|
High
|
Storing passwords using reversible encryption is essentially the same as st...
|
|
V-278041
|
Medium
|
Protection of log data includes ensuring the log data is not accidentally l...
|
|
V-278042
|
Medium
|
Protection of log data includes ensuring the log data is not accidentally l...
|
|
V-278043
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278044
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278045
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278046
|
Medium
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-278047
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278048
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278049
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278050
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278051
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278052
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278053
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278054
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278055
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278056
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278057
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278058
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278059
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278060
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278061
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278062
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278063
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278064
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278065
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278066
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278067
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278068
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278069
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278070
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278071
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278072
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278073
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278074
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278075
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278076
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278077
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278078
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278079
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278080
|
Medium
|
Slide shows displayed on the lock screen could display sensitive informatio...
|
|
V-278082
|
Low
|
Configuring the system to disable IPv6 source routing protects against spoo...
|
|
V-278083
|
Low
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-278084
|
Low
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-278085
|
Low
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-278086
|
Medium
|
Insecure guest logons allow unauthenticated access to shared folders. Share...
|
|
V-278087
|
Medium
|
Additional security requirements are applied to UNC paths specified in hard...
|
|
V-278088
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278089
|
Medium
|
An exportable version of credentials is provided to remote hosts when using...
|
|
V-278090
|
Medium
|
Virtualization Based Security (VBS) provides the platform for the additiona...
|
|
V-278091
|
Medium
|
Compromised boot drivers can introduce malware prior to protection mechanis...
|
|
V-278092
|
Medium
|
Registry entries for group policy settings can potentially be changed from ...
|
|
V-278093
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-278094
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-278095
|
Medium
|
Enabling interaction with the network selection UI allows users to change c...
|
|
V-278096
|
Medium
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-278097
|
Medium
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-278098
|
Low
|
Some features may communicate with the vendor, sending system information o...
|
|
V-278099
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-278100
|
High
|
Allowing AutoRun commands to execute may introduce malicious code to a syst...
|
|
V-278101
|
High
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-278102
|
Medium
|
Enumeration of administrator accounts when elevating can provide part of th...
|
|
V-278103
|
Medium
|
Some features may communicate with the vendor, sending system information o...
|
|
V-278104
|
Low
|
Windows Update can obtain updates from additional sources instead of Micros...
|
|
V-278105
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-278106
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-278107
|
Medium
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-278108
|
Medium
|
Microsoft Defender antivirus SmartScreen helps protect systems from program...
|
|
V-278109
|
Medium
|
Data Execution Prevention provides additional protection by performing chec...
|
|
V-278110
|
Low
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-278111
|
Medium
|
The shell protocol will limit the set of folders that applications can open...
|
|
V-278112
|
Medium
|
Saving passwords in the Remote Desktop Client could allow an unauthorized u...
|
|
V-278113
|
Medium
|
Preventing users from sharing the local drives on their client computers wi...
|
|
V-278114
|
Medium
|
This setting controls the ability of users to supply passwords automaticall...
|
|
V-278115
|
Medium
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle...
|
|
V-278116
|
Medium
|
Remote connections must be encrypted to prevent interception of data or sen...
|
|
V-278117
|
Medium
|
Attachments from RSS feeds may not be secure. This setting will prevent att...
|
|
V-278118
|
Medium
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-278119
|
Medium
|
Indexing of encrypted files may expose sensitive data. This setting prevent...
|
|
V-278120
|
Medium
|
Installation options for applications are typically controlled by administr...
|
|
V-278121
|
High
|
Standard user accounts must not be granted elevated privileges. Enabling Wi...
|
|
V-278122
|
Medium
|
Web-based programs may attempt to install malicious software on a system. E...
|
|
V-278123
|
Medium
|
Windows can be configured to automatically sign the user back in after a Wi...
|
|
V-278124
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278125
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-278126
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-278127
|
Medium
|
Digest authentication is not as strong as other options and may be subject ...
|
|
V-278128
|
High
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-278129
|
Medium
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-278130
|
Medium
|
Storage of administrative credentials could allow unauthorized access. Disa...
|
|
V-278131
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278132
|
High
|
An account that does not have Administrator duties must not have Administra...
|
|
V-278133
|
Medium
|
This policy setting determines whether the Kerberos Key Distribution Center...
|
|
V-278134
|
Medium
|
This setting determines the maximum amount of time (in minutes) that a gran...
|
|
V-278135
|
Medium
|
In Kerberos, there are two types of tickets: Ticket Granting Tickets (TGTs)...
|
|
V-278136
|
Medium
|
This setting determines the period of time (in days) during which a user's ...
|
|
V-278137
|
Medium
|
This setting determines the maximum time difference (in minutes) that Kerbe...
|
|
V-278138
|
High
|
Improper access permissions for directory data-related files could allow un...
|
|
V-278139
|
High
|
Improper access permissions for directory data files could allow unauthoriz...
|
|
V-278140
|
High
|
When directory service database objects do not have appropriate access cont...
|
|
V-278141
|
High
|
When Active Directory objects do not have appropriate access control permis...
|
|
V-278142
|
High
|
When directory service database objects do not have appropriate access cont...
|
|
V-278143
|
Medium
|
When directory service data files, especially for directories used for iden...
|
|
V-278144
|
Medium
|
Executing application servers on the same host machine with a directory ser...
|
|
V-278145
|
Medium
|
Directory data that is not appropriately encrypted is subject to compromise...
|
|
V-278146
|
High
|
To the extent that anonymous access to directory data (outside the root DSE...
|
|
V-278147
|
Low
|
The failure to terminate inactive network connections increases the risk of...
|
|
V-278148
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278149
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278150
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278151
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278152
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278153
|
Medium
|
When inappropriate audit settings are configured for directory service data...
|
|
V-278154
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278155
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278156
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278157
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278158
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278159
|
Medium
|
Domain controllers are part of the chain of trust for PKI authentications. ...
|
|
V-278160
|
High
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-278161
|
High
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-278162
|
Medium
|
Smart cards such as the CAC support a two-factor authentication technique. ...
|
|
V-278163
|
Medium
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where...
|
|
V-278164
|
Medium
|
Enabling this setting on all domain controllers in a domain prevents domain...
|
|
V-278165
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278166
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278167
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278168
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278169
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278170
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278171
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278172
|
Medium
|
Active Directory domain services elevation of privilege vulnerability could...
|
|
V-278173
|
Medium
|
Weak mappings give rise to security vulnerabilities and demand hardening me...
|
|
V-278174
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278175
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278176
|
Medium
|
The krbtgt account acts as a service account for the Kerberos Key Distribut...
|
|
V-278177
|
High
|
An account that does not have Administrator duties must not have Administra...
|
|
V-278178
|
Medium
|
A compromised local administrator account can provide means for an attacker...
|
|
V-278179
|
Medium
|
The username is one part of logon credentials that could be used to gain ac...
|
|
V-278180
|
Medium
|
Unauthenticated RPC clients may allow anonymous access to sensitive informa...
|
|
V-278181
|
Medium
|
The default Windows configuration caches the last logon credentials for use...
|
|
V-278182
|
Medium
|
The Windows SAM stores users' passwords. Restricting Remote Procedure Call ...
|
|
V-278183
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278184
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278185
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278186
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278187
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278188
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278189
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278190
|
High
|
Credential Guard uses virtualization-based security to protect data that co...
|
|
V-278192
|
Medium
|
To ensure secure DOD websites and DOD-signed code are properly validated, t...
|
|
V-278193
|
Medium
|
To ensure users do not experience denial of service when performing certifi...
|
|
V-278194
|
Medium
|
To ensure users do not experience denial of service when performing certifi...
|
|
V-278195
|
Medium
|
A system faces an increased vulnerability threat if the built-in guest acco...
|
|
V-278196
|
High
|
An account without a password can allow unauthorized access to a system as ...
|
|
V-278197
|
Medium
|
The built-in administrator account is a well-known account subject to attac...
|
|
V-278198
|
Medium
|
The built-in guest account is a well-known user account on all Windows syst...
|
|
V-278199
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-278200
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-278201
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-278202
|
Medium
|
Requests sent on the secure channel are authenticated, and sensitive inform...
|
|
V-278203
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Di...
|
|
V-278204
|
Medium
|
Computer account passwords are changed automatically on a regular basis. Th...
|
|
V-278205
|
Medium
|
A computer connecting to a domain controller will establish a secure channe...
|
|
V-278206
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked w...
|
|
V-278207
|
Medium
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-278208
|
Low
|
Failure to display the logon banner prior to a logon attempt will negate le...
|
|
V-278209
|
Medium
|
Unattended systems are susceptible to unauthorized use and must be locked. ...
|
|
V-278210
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-278211
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-278212
|
Medium
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) passwo...
|
|
V-278213
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-278214
|
Medium
|
The server message block (SMB) protocol provides the basis for many network...
|
|
V-278215
|
High
|
Allowing anonymous SID/Name translation can provide sensitive information f...
|
|
V-278216
|
High
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null se...
|
|
V-278217
|
High
|
Allowing anonymous logon users (null session connections) to list all accou...
|
|
V-278218
|
Medium
|
Access by anonymous users must be restricted. If this setting is enabled, a...
|
|
V-278219
|
High
|
Allowing anonymous access to named pipes or shares provides the potential f...
|
|
V-278220
|
Medium
|
Services using Local System that use Negotiate when reverting to NTLM authe...
|
|
V-278221
|
Medium
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) sessi...
|
|
V-278222
|
Medium
|
PKU2U is a peer-to-peer authentication protocol. This setting prevents onli...
|
|
V-278223
|
Medium
|
Certain encryption types are no longer considered secure. The DES and RC4 e...
|
|
V-278225
|
High
|
The Kerberos v5 authentication protocol is the default for authentication o...
|
|
V-278226
|
Medium
|
This setting controls the signing requirements for LDAP clients. This must ...
|
|
V-278227
|
Medium
|
Microsoft has implemented a variety of security support providers for use w...
|
|
V-278228
|
Medium
|
Microsoft has implemented a variety of security support providers for use w...
|
|
V-278229
|
Medium
|
If the private key is discovered, an attacker can use the key to authentica...
|
|
V-278230
|
Medium
|
This setting ensures the system uses FIPS-compliant algorithms for encrypti...
|
|
V-278231
|
Low
|
Windows systems maintain a global list of shared system resources such as D...
|
|
V-278232
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278233
|
Medium
|
User Account Control (UAC) is a security mechanism for limiting the elevati...
|
|
V-278234
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278235
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278236
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278237
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278238
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278239
|
Medium
|
UAC is a security mechanism for limiting the elevation of privileges, inclu...
|
|
V-278240
|
Medium
|
Attachments from outside sources may contain malicious code. Preserving zon...
|
|
V-278241
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278242
|
High
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278243
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278244
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278245
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278246
|
High
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278247
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278248
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278249
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278250
|
High
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278251
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278252
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278253
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278254
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278255
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278256
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278257
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278258
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278259
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278260
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278261
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-278262
|
Medium
|
Inappropriately granting user rights provides system, administrative, and o...
|
|
V-279916
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279917
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279918
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279919
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279920
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279921
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279922
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-279923
|
Medium
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-254389
|
Medium
|
This setting determines the period of time (in days) during which a user's ...
|
|
V-205705
|
Medium
|
This setting determines the period of time (in days) during which a user's ...
|
|
V-254390
|
Medium
|
This setting determines the maximum time difference (in minutes) that Kerbe...
|
|
V-205706
|
Medium
|
This setting determines the maximum time difference (in minutes) that Kerbe...
|
|
V-254419
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205744
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254421
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205667
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254434
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205671
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253480
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220957
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254422
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205668
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254423
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205669
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254425
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205732
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254435
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205672
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253491
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220968
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254436
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205673
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253492
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220969
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254491
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205749
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253479
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220956
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205674
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254437
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254425
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205733
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253495
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220972
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254493
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205676
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253482
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220959
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254495
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205752
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253485
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220962
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254497
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205754
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253487
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220964
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-271427
|
Medium
|
Weak mappings give rise to security vulnerabilities and demand hardening me...
|
|
V-271429
|
Medium
|
Weak mappings give rise to security vulnerabilities and demand hardening me...
|
|
V-254498
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205755
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253488
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220965
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254499
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205756
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253489
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220966
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254501
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205758
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220974
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254502
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205759
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254503
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220975
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254504
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205761
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254505
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205762
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253499
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220976
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254507
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205643
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253501
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220978
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254508
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205764
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253502
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220979
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254509
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205765
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253503
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220980
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254510
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205766
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253504
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220981
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254511
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205767
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253505
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220982
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-254512
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205768
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-253506
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-220983
|
Medium
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-205851
|
Medium
|
A properly configured Host-based Intrusion Detection System (HIDS) and Host...
|
|
V-254249
|
Medium
|
A properly configured Host-based Intrusion Detection System (HIDS) and Host...
|
|
V-243466
|
High
|
The Enterprise Admins group is a highly privileged group. Personnel who ar...
|
|
V-243467
|
High
|
The Domain Admins group is a highly privileged group. Personnel who are sy...
|
|
V-243468
|
Medium
|
Personnel who are system administrators must log on to domain systems only ...
|
|
V-243469
|
Medium
|
Personnel who are system administrators must log on to domain systems only ...
|
|
V-243470
|
High
|
Privileged accounts such as those belonging to any of the administrator gro...
|
|
V-243471
|
Medium
|
Local administrator accounts on domain systems must use unique passwords. I...
|
|
V-243472
|
Medium
|
A separate smart card for Enterprise Admin and Domain Admin accounts elimin...
|
|
V-243473
|
Medium
|
Public facing servers should be in DMZs with separate Active Directory fore...
|
|
V-243475
|
Medium
|
Domain controllers provide access to highly privileged areas of a domain. ...
|
|
V-243476
|
Medium
|
When a smart card is required for a domain account, a long password, unknow...
|
|
V-243477
|
Medium
|
User accounts with domain level administrative privileges are highly prized...
|
|
V-243478
|
Medium
|
Unconstrained delegation enabled on a computer can allow the computer accou...
|
|
V-243479
|
Medium
|
The DSRM password, used to log on to a domain controller (DC) when rebootin...
|
|
V-243480
|
Medium
|
Domains operating at functional levels below Windows Server versions no lon...
|
|
V-243481
|
Medium
|
Because trust relationships effectively eliminate a level of authentication...
|
|
V-243482
|
High
|
If a robust cross-domain solution is not used, then it could permit unautho...
|
|
V-243483
|
High
|
The configuration of an AD trust relationship is one of the steps used to a...
|
|
V-243484
|
Medium
|
Under some circumstances it is possible for attackers or rogue administrato...
|
|
V-243485
|
Medium
|
Enabling Selective Authentication on outbound Active Directory (AD) forest ...
|
|
V-243486
|
Medium
|
The Pre-Windows 2000 Compatible Access group was created to allow Windows N...
|
|
V-243487
|
Medium
|
Membership in the Group Policy Creator Owners and Incoming Forest Trust Bui...
|
|
V-243488
|
Low
|
In AD it is possible to delegate account and other AD object ownership and ...
|
|
V-243489
|
Medium
|
The RODC role provides a unidirectional replication method for selected inf...
|
|
V-243490
|
Medium
|
Monitoring the usage of administrative accounts can alert on suspicious beh...
|
|
V-243491
|
Medium
|
Monitoring for the use of local accounts to log on remotely from other syst...
|
|
V-243492
|
Medium
|
Remote Desktop activity for administration should be limited to specific ad...
|
|
V-243493
|
Medium
|
Failure to maintain a current backup of directory data could make it diffic...
|
|
V-243494
|
Low
|
Active Directory (AD) external, forest, and realm trust configurations are ...
|
|
V-243495
|
Medium
|
The normal operation of AD requires the use of IP network ports and protoco...
|
|
V-243496
|
Medium
|
Membership in certain default directory groups assigns a high privilege lev...
|
|
V-243497
|
Medium
|
Timely replication makes certain that directory service data is consistent ...
|
|
V-243498
|
Medium
|
To provide data confidentiality, a VPN is configured to encrypt the data be...
|
|
V-243499
|
Low
|
When an incident occurs that requires multiple Active Directory (AD) domain...
|
|
V-243500
|
Medium
|
In Active Directory (AD) architecture, multiple domain controllers provide ...
|
|
V-243501
|
Low
|
When incidents occur that require a change in the Cyber Protection Conditio...
|
|
V-269097
|
Medium
|
Although Kerberos logging can be used for troubleshooting, it can also prov...
|
|
V-277028
|
Medium
|
Apple Watches are not an approved authenticator and their use must be disab...
|
|
V-277029
|
Medium
|
Users must authenticate when unlocking the screen saver.
The screen save...
|
|
V-277030
|
Medium
|
A screen saver must be enabled and the system must be configured to require...
|
|
V-277031
|
Medium
|
The screen lock must be configured to initiate automatically when the smart...
|
|
V-277032
|
Medium
|
Hot corners must be disabled.
The information system conceals, via the s...
|
|
V-277033
|
Medium
|
The system must be configured to not display sensitive information at the L...
|
|
V-277034
|
Medium
|
The macOS system can be configured to set an automated termination for 72 h...
|
|
V-277035
|
Medium
|
Time synchronization must be enforced on all networked systems.
This rul...
|
|
V-277036
|
Medium
|
The macOS must be configured to limit the number of failed login attempts t...
|
|
V-277037
|
Medium
|
Remote login service must be configured to display a policy banner at login...
|
|
V-277038
|
Medium
|
SSH must be configured to display a policy banner.
Displaying a standard...
|
|
V-277039
|
Medium
|
Displaying a standardized and approved use notification before granting acc...
|
|
V-277040
|
Medium
|
The audit log files must not contain ACLs.
This rule ensures that audit ...
|
|
V-277041
|
Medium
|
The audit log folder must not contain ACLs.
Audit logs contain sensitive...
|
|
V-277042
|
Medium
|
If FileVault is enabled, automatic login must be disabled so that both File...
|
|
V-277043
|
Medium
|
If SSHD is enabled, it must be configured with the Client Alive Interval se...
|
|
V-277044
|
Medium
|
If SSHD is enabled, it must be configured with the Client Alive Maximum Cou...
|
|
V-277045
|
Medium
|
If SSHD is enabled, it must be configured to wait only 30 seconds before ti...
|
|
V-277046
|
High
|
If SSHD is enabled, it must be configured to limit the Ciphers, HostbasedAc...
|
|
V-277047
|
High
|
SSH must be configured to limit the Ciphers, HostbasedAcceptedAlgorithms, H...
|
|
V-277048
|
Medium
|
The macOS system must be configured to enforce a lockout time of at least 1...
|
|
V-277049
|
Medium
|
The screen saver timeout must be set to 900 seconds or a shorter length of ...
|
|
V-277050
|
Medium
|
The ability to log in to another user's active or locked session must be di...
|
|
V-277051
|
Medium
|
To ensure individual accountability and prevent unauthorized access, loggin...
|
|
V-277052
|
Medium
|
SSH must be configured with an Active Server Alive Maximum Count set to 900...
|
|
V-277053
|
Medium
|
If SSHD is enabled, it must be configured with session ChannelTimeout set t...
|
|
V-277054
|
Medium
|
If SSHD is enabled, it must be configured with unused connection timeout se...
|
|
V-277055
|
Medium
|
SSH must be configured with an Active Server Alive Maximum Count set to 0. ...
|
|
V-277056
|
Medium
|
Auto logout must be configured to automatically terminate a user session an...
|
|
V-277057
|
Medium
|
An approved time server must be the only server configured for use. As of m...
|
|
V-277058
|
Medium
|
The macOS time synchronization daemon (timed) must be enabled for proper ti...
|
|
V-277059
|
Medium
|
Sudo must be configured to log privilege escalation.
Without logging pri...
|
|
V-277060
|
Medium
|
The auditing system must be configured to flag administrative action (ad) e...
|
|
V-277061
|
Medium
|
The audit system must be configured to record all attempts to log in and ou...
|
|
V-277062
|
Medium
|
The information system must be configured to generate audit records.
Aud...
|
|
V-277063
|
Medium
|
Audit log files must be owned by root.
The audit service must be configu...
|
|
V-277064
|
Medium
|
Audit log folders must be owned by root.
The audit service must be confi...
|
|
V-277065
|
Medium
|
Audit log files must have the group set to wheel.
The audit service must...
|
|
V-277066
|
Medium
|
Audit log files must have the group set to wheel.
The audit service must...
|
|
V-277067
|
Medium
|
The audit service must be configured to create log files that are readable ...
|
|
V-277068
|
Medium
|
The audit log folder must be configured to mode 700 or less permissive so t...
|
|
V-277069
|
Medium
|
The audit system must be configured to record enforcement actions of attemp...
|
|
V-277070
|
Medium
|
The audit system must be configured to record enforcement actions of attemp...
|
|
V-277071
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-277072
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-277073
|
Medium
|
The audit system must be configured to record enforcement actions of access...
|
|
V-277074
|
Low
|
The audit service must be configured to require that records be kept for an...
|
|
V-277075
|
Medium
|
The audit service must be configured to notify the system administrator whe...
|
|
V-277076
|
Medium
|
The audit service must be configured to immediately print messages to the c...
|
|
V-277077
|
Medium
|
The auditing system must be configured to flag authorization and authentica...
|
|
V-277078
|
Medium
|
The macOS system must be configured to block access to users who are no lon...
|
|
V-277079
|
Medium
|
If SSH is enabled to ensure individual accountability and prevent unauthori...
|
|
V-277080
|
Medium
|
/etc/security/audit_control must have the group set to wheel.
The audit ...
|
|
V-277081
|
Medium
|
/etc/security/audit_control must have the owner set to root.
The audit s...
|
|
V-277082
|
Medium
|
/etc/security/audit_control must be configured so that it is readable only ...
|
|
V-277083
|
Medium
|
/etc/security/audit_control must not contain ACLs.
/etc/security/audit_c...
|
|
V-277084
|
High
|
If remote login through SSH is enabled, password-based authentication must ...
|
|
V-277085
|
Medium
|
Support for SMB file sharing is nonessential and must be disabled.
The i...
|
|
V-277086
|
Medium
|
Support for NFS services is nonessential and, therefore, must be disabled. ...
|
|
V-277087
|
Medium
|
Location Services must be disabled.
The information system must be confi...
|
|
V-277088
|
Medium
|
Bonjour multicast advertising must be disabled to prevent the system from b...
|
|
V-277089
|
Medium
|
The system must not have the UUCP service active.
UUCP, a set of program...
|
|
V-277090
|
Medium
|
If the system does not require Internet Sharing, support for it is nonessen...
|
|
V-277091
|
Medium
|
The built-in web server managed by launchd is a nonessential service built ...
|
|
V-277092
|
Medium
|
AirDrop must be disabled to prevent file transfers to or from unauthorized ...
|
|
V-277093
|
Medium
|
The macOS built-in FaceTime.app must be disabled.
The FaceTime.app estab...
|
|
V-277094
|
Medium
|
The macOS built-in Calendar.app connection to Apple's iCloud service must b...
|
|
V-277095
|
Medium
|
The macOS built-in Reminders.app connection to Apple's iCloud service must ...
|
|
V-277096
|
Medium
|
The macOS built-in Contacts.app connection to Apple's iCloud service must b...
|
|
V-277097
|
Medium
|
The macOS built-in Mail.app connection to Apple's iCloud service must be di...
|
|
V-277098
|
Medium
|
The macOS built-in Notes.app connection to Apple's iCloud service must be d...
|
|
V-277099
|
Medium
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-277100
|
Medium
|
Support for Siri is nonessential and must be disabled.
The information s...
|
|
V-277101
|
Medium
|
The ability to submit diagnostic data to Apple must be disabled.
The inf...
|
|
V-277102
|
Medium
|
If the system does not require Remote Apple Events, support for Apple Remot...
|
|
V-277103
|
Medium
|
The ability for Apple to store and review audio recordings and transcripts ...
|
|
V-277104
|
Medium
|
Sending data to Apple to help improve search must be disabled.
The infor...
|
|
V-277105
|
Medium
|
The prompt for Apple ID setup during Setup Assistant must be disabled.
m...
|
|
V-277106
|
Medium
|
The prompt for Privacy Setup services during Setup Assistant must be disabl...
|
|
V-277107
|
Medium
|
The prompt to set up iCloud storage services during Setup Assistant must be...
|
|
V-277108
|
High
|
If the system does not require TFTP support, it is nonessential and must be...
|
|
V-277109
|
Medium
|
The prompt for Siri during Setup Assistant must be disabled.
Organizatio...
|
|
V-277110
|
Medium
|
The macOS system's ability to automatically synchronize a user's passwords ...
|
|
V-277111
|
Medium
|
The macOS built-in iCloud document synchronization service must be disabled...
|
|
V-277112
|
Medium
|
The macOS built-in Safari.app bookmark synchronization via the iCloud servi...
|
|
V-277113
|
Medium
|
The macOS built-in Photos.app connection to Apple's iCloud service must be ...
|
|
V-277114
|
Medium
|
Support for both Screen Sharing and Apple Remote Desktop is nonessential an...
|
|
V-277115
|
Medium
|
The System Settings pane for Wallet and Apple Pay must be disabled.
Disa...
|
|
V-277116
|
Medium
|
The System Settings pane for Siri must be hidden.
Hiding the System Sett...
|
|
V-277117
|
High
|
The information system implements cryptographic mechanisms to authenticate ...
|
|
V-277118
|
High
|
The macOS system must be configured to disable Bluetooth unless an approved...
|
|
V-277119
|
Medium
|
Guest access must be disabled.
Turning off guest access prevents anonymo...
|
|
V-277120
|
High
|
Gatekeeper must be enabled.
Gatekeeper is a security feature that ensure...
|
|
V-277121
|
High
|
Automatic login must be disabled.
When automatic logins are enabled, the...
|
|
V-277122
|
Medium
|
The system must be configured to prevent access to other users' home folder...
|
|
V-277123
|
High
|
The system must be configured to require an administrator password to modif...
|
|
V-277124
|
Medium
|
AirPlay Receiver allows users to send content from one Apple device to be d...
|
|
V-277125
|
Medium
|
Touch ID enables the ability to unlock a Mac system with a user's fingerprin...
|
|
V-277126
|
Medium
|
Media Sharing must be disabled.
When Media Sharing is enabled, the compu...
|
|
V-277127
|
Medium
|
Bluetooth Sharing must be disabled.
Bluetooth Sharing allows users to wi...
|
|
V-277128
|
Medium
|
The system must disable Account Modification.
Account Modification incl...
|
|
V-277129
|
Medium
|
Content Caching must be disabled.
Content Caching is a macOS service tha...
|
|
V-277130
|
Medium
|
The macOS system's ability to automatically synchronize a user's Desktop an...
|
|
V-277131
|
Medium
|
This works only with supervised devices (mobile device management [MDM]) an...
|
|
V-277132
|
Medium
|
Enterprise networks may be required to audit all network traffic by policy;...
|
|
V-277133
|
Medium
|
The Find My service must be disabled.
A Mobile Device Management (MDM) s...
|
|
V-277134
|
Medium
|
Ad tracking and targeted ads must be disabled.
The information system mu...
|
|
V-277135
|
Medium
|
The ability for Apple to store and review audio of Siri and Dictation inter...
|
|
V-277136
|
Medium
|
Dictation must be restricted to On Device Only to prevent potential data ex...
|
|
V-277137
|
Medium
|
Dictation must be disabled on Intel-based Macs as the feature On Device Dic...
|
|
V-277138
|
Medium
|
Printer Sharing must be disabled.
|
|
V-277139
|
Medium
|
Remote Management must be disabled.
|
|
V-277140
|
Medium
|
The Bluetooth System Setting pane must be disabled to prevent access to the...
|
|
V-277141
|
Medium
|
The macOS built-in Freeform.app connection to Apple's iCloud service must b...
|
|
V-277142
|
Medium
|
iPhone Mirroring must be disabled to prevent file transfers to or from unau...
|
|
V-277143
|
Medium
|
The organization must issue or obtain public key certificates from an organ...
|
|
V-277144
|
Medium
|
The macOS must be configured to require at least one numeric character be u...
|
|
V-277145
|
Medium
|
The macOS must be configured to enforce a maximum password lifetime limit o...
|
|
V-277146
|
Medium
|
The macOS must be configured to require that a minimum of 14 characters be ...
|
|
V-277147
|
Medium
|
The macOS must be configured to require that at least one special character...
|
|
V-277148
|
Medium
|
Password hints must be disabled.
Password hints leak information about p...
|
|
V-277149
|
Medium
|
User accounts must not contain password hints.
Password hints leak infor...
|
|
V-277150
|
Medium
|
Smart card authentication must be enforced.
Using smart card credentials...
|
|
V-277151
|
Medium
|
Smart card authentication must be allowed.
Using smart card credentials ...
|
|
V-277152
|
Medium
|
The system must be configured to enforce multifactor authentication.
All...
|
|
V-277153
|
Medium
|
The system must be configured such that, when the su command is used, multi...
|
|
V-277154
|
Medium
|
The system must be configured to enforce multifactor authentication when th...
|
|
V-277155
|
Medium
|
The macOS must be configured to require at least one lowercase character an...
|
|
V-277156
|
Medium
|
The macOS must be configured to enforce a minimum password lifetime limit o...
|
|
V-277157
|
Medium
|
The macOS must be configured to disable accounts after 35 days of inactivit...
|
|
V-277158
|
Medium
|
The ASL must be owned by root.
ASLs contain sensitive data about the sys...
|
|
V-277159
|
Medium
|
The ASLs must be configured to be writable by root and readable only by the...
|
|
V-277160
|
Medium
|
The file /etc/sudoers must include a timestamp_timeout of 0.
Without reau...
|
|
V-277161
|
Medium
|
The system log files must be owned by root.
System logs contain sensitiv...
|
|
V-277162
|
Medium
|
The system logs must be configured to be writable by root and readable only...
|
|
V-277163
|
Low
|
The install.log must be configured to require that records be kept for an o...
|
|
V-277164
|
Medium
|
The file /etc/sudoers must be configured to not include a timestamp_type of...
|
|
V-277165
|
High
|
SIP is vital to protecting the integrity of the system as it prevents malic...
|
|
V-277166
|
High
|
The information system implements cryptographic mechanisms to protect the c...
|
|
V-277167
|
Medium
|
The macOS Application Firewall is the built-in firewall that comes with mac...
|
|
V-277168
|
Medium
|
The login window must be configured to prompt all users for both a username...
|
|
V-277169
|
Medium
|
The prompt for Touch ID during Setup Assistant must be disabled.
macOS pr...
|
|
V-277170
|
Medium
|
The prompt for Screen Time setup during Setup Assistant must be disabled.
...
|
|
V-277171
|
Medium
|
The prompt for Apple Watch unlock setup during Setup Assistant must be disa...
|
|
V-277172
|
Medium
|
Handoff must be disabled.
Handoff allows users to continue working on a ...
|
|
V-277173
|
Medium
|
Proximity-based password sharing requests must be disabled.
The default ...
|
|
V-277174
|
Medium
|
Erase Content and Settings must be disabled.
Without disabling the Erase...
|
|
V-277175
|
Medium
|
Authenticated Root must be enabled.
When Authenticated Root is enabled, ...
|
|
V-277176
|
Medium
|
Users must not be allowed to install software into /users/.
Allowing reg...
|
|
V-277177
|
Medium
|
USB devices connected to a Mac must be authorized.
Th...
|
|
V-277178
|
Medium
|
The Secure Boot security setting must be set to "full".
Full security is...
|
|
V-277179
|
Medium
|
Users must enroll their Mac in MDM software.
User Approved MDM (UAMDM) e...
|
|
V-277180
|
Medium
|
A Recovery Lock password must be enabled and set.
Single user mode, reco...
|
|
V-277181
|
Medium
|
Software Update must be configured to update XProtect Remediator and Gateke...
|
|
V-277182
|
Medium
|
Apple Intelligence features such as Genmoji must be disabled.
Using off-...
|
|
V-277183
|
Medium
|
Apple Intelligence features such as Image Playground must be disabled.
U...
|
|
V-277184
|
Medium
|
Apple Intelligence features that use off device Artificial Intelligence (AI...
|
|
V-277185
|
High
|
Security flaws with operating systems are discovered daily. Vendors are con...
|
|
V-279329
|
Medium
|
The prompt for Apple Intelligence setup during Setup Assistant must be disa...
|
|
V-282964
|
High
|
Unsupported software and systems should not be used because fixes to newly ...
|