1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4.21 Ensure that the Kubernetes PKI key file permissions are set to 600 | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
1.6.1 Ensure that the cluster-admin role is only used where required | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.7.1.4 Ensure permissions on /etc/motd are configured | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
1.7.4 Do not admit containers wishing to share the host network namespace | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
2.2.2 Ensure that the kubelet.conf file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.3 Ensure that the kubelet service file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.3 Ensure that the kubelet service file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.4 Ensure that the kubelet service file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.4 Ensure that the kubelet service file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
3.1 Ensure that docker.service file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
3.2.1.12 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
3.3 Ensure that docker.socket file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.4.4 Ensure permissions on /etc/hosts.allow are configured | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.9 Ensure that TLS CA certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Ensure that Docker socket file ownership is set to root:docker | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.19 Ensure that /etc/default/docker file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.1 Ensure a user for the container has been created | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
4.1 Ensure Device is not Obviously Jailbroken | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
4.1.12 Ensure use of privileged commands is collected | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.2.4 Ensure permissions on all logfiles are configured | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.2 Ensure permissions on /etc/crontab are configured | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.2 Ensure permissions on /etc/crontab are configured | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
6.30 Restrict Access to SYSIBMADM.OBJECTOWNERS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
Audit Sensitive Privilege Use | MSCT Windows 10 v20H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
Audit Sensitive Privilege Use | MSCT Windows Server v1909 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
Audit Sensitive Privilege Use | MSCT Windows 10 1809 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
Ensure permissions on /etc/cron.d are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure permissions on /etc/cron.monthly are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure permissions on /etc/issue are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure permissions on /etc/issue.net are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure permissions on /etc/ssh/sshd_config are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure permissions on all logfiles are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
Ensure use of privileged commands is collected | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |