Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.4.1.4 Ensure 'Disable user name and password' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.9 Ensure 'Object Caching Protection' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT

1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled'CIS Microsoft Office Enterprise v1.2.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.19 Ensure that the --token-auth-file parameter is not setCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.32 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.4.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - ca-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.2 Ensure that the --client-cert-auth argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.7 Ensure that the --wal-dir argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsCIS Kubernetes 1.8 Benchmark v1.2.0 L2Unix
2.1.1 Ensure that the --allow-privileged argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.5 Ensure that the --read-only-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.14 Ensure that the RotateKubeletClientCertificate argument is not set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.6 Ensure that the proxy kubeconfig file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.5 Ensure that the --insecure-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.6 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.9 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.1.16 Ensure that the --service-account-lookup argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

CIS Control 1 (1.4) Maintain Detailed Asset InventoryCAS Implementation Group 1 Audit FileUnix

CONFIGURATION MANAGEMENT

CIS Control 10 (10.2) Perform Complete System BackupsCAS Implementation Group 1 Audit FileUnix

CONTINGENCY PLANNING

CIS_Apache_Tomcat_8_L2_v1.1.0.audit from CIS Apache Tomcat 8 BenchmarkCIS Apache Tomcat 8 L2 v1.1.0Unix
CIS_Apache_Tomcat_10_L1_v1.1.0.audit from CIS Apache Tomcat 10 BenchmarkCIS Apache Tomcat 10 L1 v1.1.0Unix
CIS_Apache_Tomcat_10_L2_v1.1.0.audit from CIS Apache Tomcat 10 BenchmarkCIS Apache Tomcat 10 L2 v1.1.0Unix
CIS_CentOS_Linux_8_v2.0.0_L1_Server.audit from CIS CentOS Linux 8 Benchmark v2.0.0CIS CentOS Linux 8 Server L1 v2.0.0Unix
CIS_CentOS_Linux_8_v2.0.0_L1_Workstation.audit from CIS CentOS Linux 8 Benchmark v2.0.0CIS CentOS Linux 8 Workstation L1 v2.0.0Unix
CIS_Debian_Linux_9_Server_v1.0.1_L1.audit from CIS Debian Linux 9 BenchmarkCIS Debian 9 Server L1 v1.0.1Unix
CIS_Debian_Linux_10_v2.0.0_L1_Server.audit from CIS Debian Linux 10 Benchmark v2.0.0CIS Debian 10 Server L1 v2.0.0Unix
CIS_Debian_Linux_12_v1.1.0_L2_Workstation.audit from CIS Debian Linux 12 Benchmark v1.1.0CIS Debian Linux 12 v1.1.0 L2 WorkstationUnix
CIS_Google_Chrome_L2_v3.0.0.audit from CIS Google Chrome Benchmark v3.0.0CIS Google Chrome L2 v3.0.0Windows
CIS_Oracle_Linux_7_v4.0.0_L1_Server.audit from CIS Oracle Linux 7 Benchmark v4.0.0CIS Oracle Linux 7 v4.0.0 L1 ServerUnix
CIS_Oracle_Linux_7_v4.0.0_L1_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0CIS Oracle Linux 7 v4.0.0 L1 WorkstationUnix
CIS_Oracle_Linux_7_v4.0.0_L2_Server.audit from CIS Oracle Linux 7 Benchmark v4.0.0CIS Oracle Linux 7 v4.0.0 L2 ServerUnix
CIS_Oracle_Linux_9_v2.0.0_L1_Server.audit from CIS Oracle Linux 9 Benchmark v2.0.0CIS Oracle Linux 9 v2.0.0 L1 ServerUnix
CIS_Oracle_Server_18c_v1.1.0_L1_Windows.audit from CIS Oracle Database 18c Benchmark v1.1.0CIS Oracle Server 18c Windows v1.1.0Windows
CIS_Rocky_Linux_8_v2.0.0_L1_Server.audit from CIS Rocky Linux 8 Benchmark v2.0.0CIS Rocky Linux 8 Server L1 v2.0.0Unix
CIS_Rocky_Linux_9_v2.0.0_L2_Workstation.audit from CIS Rocky Linux 9 Benchmark v2.0.0CIS Rocky Linux 9 v2.0.0 L2 WorkstationUnix