Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.4.1.4 Ensure 'Disable user name and password' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.9 Ensure 'Object Caching Protection' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.19 Ensure that the --token-auth-file parameter is not setCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.32 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.4.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - ca-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.2 Ensure that the --client-cert-auth argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.7 Ensure that the --wal-dir argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.8 Benchmark v1.2.0 L2Unix
2.1.1 Ensure that the --allow-privileged argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.1.3.2.2 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1.3.2.3 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.5 Ensure that the --read-only-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.14 Ensure that the RotateKubeletClientCertificate argument is not set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.6 Ensure that the proxy kubeconfig file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.3.2 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set to 'REQUIRED'CIS Oracle Server 19c Linux v1.2.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.36.1.1 Ensure 'Conversion Service Options' is set to 'Enabled: Do not allow to use Microsoft Conversion Service'CIS Microsoft Office Enterprise v1.2.0 L2Windows

CONFIGURATION MANAGEMENT

2.3.38.1.1 Ensure 'Improve Proofing Tools' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L2Windows

CONFIGURATION MANAGEMENT

2.5.10.11 Ensure 'Internet and network paths into hyperlinks' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L2Windows

CONFIGURATION MANAGEMENT

2.6.6.6.6 Ensure 'Turn off file validation' is set to 'Disabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

2.8.4.1.4 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.1 Ensure least privilege for database accountsCIS MongoDB 5 L1 DB v1.2.0MongoDB

ACCESS CONTROL

3.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.5 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.6 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.9 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.1.16 Ensure that the --service-account-lookup argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.3 Ensure that MongoDB is run using a non-privileged, dedicated service accountCIS MongoDB 6 v1.2.0 L1 MongoDBWindows

ACCESS CONTROL

3.5 Review Superuser/Admin Roles - clusterAdminCIS MongoDB 5 L2 DB v1.2.0MongoDB

ACCESS CONTROL

3.5 Review Superuser/Admin Roles - hostManagerCIS MongoDB 5 L2 DB v1.2.0MongoDB

ACCESS CONTROL

3.5 Review Superuser/Admin Roles - userAdminCIS MongoDB 5 L2 DB v1.2.0MongoDB

ACCESS CONTROL

4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption)CIS MongoDB 6 v1.2.0 L1 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure Federal Information Processing Standard (FIPS) is enabledCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure that logging captures as much information as possibleCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

AUDIT AND ACCOUNTABILITY

5.4 Ensure that new entries are appended to the end of the log fileCIS MongoDB 6 v1.2.0 L2 MongoDBWindows

AUDIT AND ACCOUNTABILITY

7.1 Ensure appropriate key file permissions are setCIS MongoDB 6 v1.2.0 L1 MongoDBWindows

IDENTIFICATION AND AUTHENTICATION