1.1.3 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'. | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords' | CIS Cisco IOS 15 L1 v4.1.0 | Cisco | |
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | CIS Cisco IOS 15 L1 v4.1.0 | Cisco | |
1.2.15 Ensure that the admission control plugin NamespaceLifecycle is set | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.2.16 Ensure that the admission control plugin PodSecurityPolicy is set | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.2.17 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.3.1 Ensure sudo is installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
1.3.1 Ensure sudo is installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.3.2 Ensure sudo commands use pty | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
1.3.2 Ensure that the --profiling argument is set to false | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.3.3 Ensure that the --use-service-account-credentials argument is set to true | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to users | CIS Google Cloud Platform v1.1.0 L2 | GCP | |
1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' | CIS Microsoft Azure Foundations v1.3.1 L1 | microsoft_azure | |
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached | CIS Amazon Web Services Foundations L1 2.0.0 | amazon_aws | |
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached - *:* administrative privileges are not attached | CIS Amazon Web Services Foundations L1 1.4.0 | amazon_aws | |
1.21 Ensure that no custom subscription owner roles are created - Action Types | CIS Microsoft Azure Foundations v1.3.1 L2 | microsoft_azure | |
1.21 Ensure that no custom subscription owner roles are created - Assignable Scope | CIS Microsoft Azure Foundations v1.3.1 L2 | microsoft_azure | |
2.2 Ensure that the --client-cert-auth argument is set to true | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
2.4 Ensure Docker is allowed to make changes to iptables - daemon.json | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
2.6 Ensure that the --peer-auto-tls argument is not set to true | CIS Kubernetes Benchmark v1.6.1 L1 Master | Unix | |
2.14 Ensure containers are restricted from acquiring new privileges | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.1 Ensure that the docker.service file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.3 Ensure that docker.socket file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.5 Ensure that the /etc/docker directory ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.13 Ensure that the Docker server certificate key file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.17 Ensure that the daemon.json file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.19 Ensure that the /etc/default/docker file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.21 Ensure that the /etc/sysconfig/docker file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
4.1 Ensure that a user for the container has been created | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
4.8 Ensure setuid and setgid permissions are removed | CIS Docker v1.3.1 L2 Docker Linux | Unix | |
5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2 Ensure SNMPv1/2 are set to Read Only | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | ACCESS CONTROL |
5.2 Ensure SNMPv1/2 are set to Read Only | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
5.5 Ensure SNMP Write Access is not set | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
5.8.3 Ensure Legacy Authorization (ABAC) is Disabled | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | |
5.8.4 Ensure Legacy Authorization (ABAC) is Disabled | CIS Google Kubernetes Engine (GKE) v1.4.0 L1 | GCP | |
5.8.4 Ensure Legacy Authorization (ABAC) is Disabled | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
5.8.4 Ensure Legacy Authorization (ABAC) is Disabled | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 | GCP | |
5.22 Ensure that docker exec commands are not used with the privileged option | CIS Docker v1.3.1 L2 Docker Linux | Unix | |
5.23 Ensure that docker exec commands are not used with the user=root option | CIS Docker v1.3.1 L2 Docker Linux | Unix | |
5.25 Ensure that the container is restricted from acquiring additional privileges | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
5.31 Ensure that the Docker socket is not mounted inside any containers | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
6.1.2 Create baseline of executables that require a specific group for elevation to a different EUID (not scored) | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | ACCESS CONTROL |
6.4 Restrict root Login to System Console | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.5 Restrict Access to the su Command - auth required pam_wheel.so use_uid | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.11.4 Ensure Console Port is Set as Insecure | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | ACCESS CONTROL |
8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services | CIS Microsoft Azure Foundations v1.3.1 L1 | microsoft_azure | |