Item Search

NameAudit NamePluginCategory
1.1.13 Ensure that the admission control plugin SecurityContextDeny is setCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

ACCESS CONTROL

1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.21 Ensure that the Kubernetes PKI key file permissions are set to 600CIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.6.1 Ensure that the cluster-admin role is only used where requiredCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.7.1.4 Ensure permissions on /etc/motd are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

1.7.4 Do not admit containers wishing to share the host network namespaceCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server.CIS Microsoft SharePoint 2016 OS v1.1.0Windows

ACCESS CONTROL

2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server.CIS Microsoft SharePoint 2019 OS v1.0.0Windows

ACCESS CONTROL

2.2.2 Ensure that the kubelet.conf file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

2.2.3 Ensure that the kubelet service file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.3 Ensure that the kubelet service file permissions are set to 644 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.4 Ensure that the kubelet service file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.4 Ensure that the kubelet service file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

3.1 Ensure that docker.service file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled'AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.12 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L2MDM

CONFIGURATION MANAGEMENT

3.3 Ensure that docker.socket file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.4.4 Ensure permissions on /etc/hosts.allow are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

3.7 Ensure that registry certificate file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.9 Ensure that TLS CA certificate file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.11 Ensure that Docker server certificate file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.15 Ensure that Docker socket file ownership is set to root:dockerCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

3.19 Ensure that /etc/default/docker file ownership is set to root:rootCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

4.1 Ensure a user for the container has been createdCIS Docker Community Edition v1.1.0 L1 DockerUnix

ACCESS CONTROL

4.1 Ensure Device is not Obviously JailbrokenAirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM

ACCESS CONTROL

4.1 Ensure device is not obviously jailbrokenAirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.1 Ensure device is not obviously jailbrokenMobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.1 Ensure device is not obviously jailbrokenAirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

4.1.12 Ensure use of privileged commands is collectedCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0Unix

AUDIT AND ACCOUNTABILITY

4.2.4 Ensure permissions on all logfiles are configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

5.1.2 Ensure permissions on /etc/crontab are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

5.1.2 Ensure permissions on /etc/crontab are configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

5.1.5 Ensure permissions on /etc/cron.weekly are configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

6.30 Restrict Access to SYSIBMADM.OBJECTOWNERSCIS IBM DB2 v10 v1.1.0 Database Level 1IBM_DB2DB

ACCESS CONTROL

18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0Windows

ACCESS CONTROL

Audit Sensitive Privilege UseMSCT Windows 10 v20H2 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server v1909 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows 10 1809 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Ensure permissions on /etc/cron.d are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure permissions on /etc/cron.monthly are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure permissions on /etc/issue are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure permissions on /etc/issue.net are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure permissions on /etc/ssh/sshd_config are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure permissions on all logfiles are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure use of privileged commands is collectedTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY