CIS benchmark scanning not working

Hi.

I’m running the latest version of Nexpose with up2date plugins and are trying to get CIS-scannings to work. Scan Engine is authenticated to the servers using ScanAssistant. The scan is failing for all tested templates on both Windows and Linux-platform. There is an ongoing support case with support regarding the issue, but I’m wondering if anyone has seen this before an can provide me with a solution.

All scan ends with ERROR-result and then the final error is f.ex:

xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0 is not applicable due to platform restriction(s).

Snip of the scan-debug-log is following with enhanced logging enabled:

2024-04-12T07:09:52 [INFO] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1_-Member_Server:xccdf_org.cisecurity.benchmarks_rule_2.3.6.5_L1_Ensure_Domain_member_Maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0 (CIS-2.0.0/CIS_WINDOWS_2022/CIS_Microsoft_Windows_Server_2022_Benchmark_v2.0.0-oval.xml/oval-org.cisecurity.benchmarks.microsoft_windows_server_2022-def-3607233) - ERROR
2024-04-12T07:09:52 [INFO] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1
-Member_Server:CIS-2.0.0/CIS_WINDOWS_2022/CIS_Microsoft_Windows_Server_2022_Benchmark_v2.0.0-oval.xml/oval-org.cisecurity.benchmarks.microsoft_windows_server_2022-var-3607261 (CIS-2.0.0/CIS_WINDOWS_2022/CIS_Microsoft_Windows_Server_2022_Benchmark_v2.0.0-oval.xml/oval-org.cisecurity.benchmarks.microsoft_windows_server_2022-var-3607261) - ERROR
2024-04-12T07:09:52 [INFO] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1
-Member_Server:xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Ensure_Allow_log_on_locally_is_set_to_Administrators (CIS-2.0.0/CIS_WINDOWS_2022/CIS_Microsoft_Windows_Server_2022_Benchmark_v2.0.0-oval.xml/oval-org.cisecurity.benchmarks.microsoft_windows_server_2022-def-3607147) - ERROR
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1
-Member_Server rule status statistics:
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule count: 447
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule pass count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule fail count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule error count: 447
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule unknown count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule not applicable count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule not checked count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule not selected count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule informational count: 0
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] PolicyResults: Policy rule fixed count: 0
2024-04-12T07:09:52 [INFO] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] [10.xx.yy.zz] xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0 is not applicable due to platform restriction(s).
2024-04-12T07:09:52 [DEBUG] [Thread: Site_1 - vulnerability scan@10.xx.yy.zz] [Site: Site_1 - vulnerability scan] CheckProcessor: Loaded 321 policy rules for policy xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1
-_Member_Server.

Any idea what might cause this?

Did support resolve this issue for you? I am having the same problem. A server is fingerprinted correctly

SystemFingerprint [[architecture=x86_64][certainty=1.0][description=Microsoft Windows Server 2019 Datacenter Edition 1809][deviceClass=Server][family=Windows][product=Windows Server 2019 Datacenter Edition][vendor=Microsoft][version=1809]] source: Configured Credentials

but the Policy check result data is logging

Policy xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0:xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server not applicable.

xccdf_org.cisecurity.benchmarks_benchmark_2.0.0_CIS_Microsoft_Windows_Server_2022_Benchmark:2.0.0 is not applicable due to platform restriction(s).