Item Search

NameAudit NamePluginCategory
1.1.8 Ensure that the --repair-malformed-updates argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.1.13 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.27 Ensure that the admission control policy is set to ServiceAccountCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.30 Ensure that the --etcd-cafile argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file contentsCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file parameterCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

1.1.37 Ensure that the --request-timeout argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.3 Enable app update installsCIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.3.5 Ensure that the --root-ca-file argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.3.7 Ensure that the RotateKubeletServerCertificate argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'CIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.5 Enable macOS update installsCIS Apple macOS 10.12 L1 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Create administrative boundaries between resources using namespacesCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controllerCIS Kubernetes 1.8 Benchmark v1.2.0 L2Unix
2.1.2 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.1.2 Turn off Bluetooth 'Discoverable' mode when not pairing devicesCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.2.2 Ensure time set is within appropriate limitsCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

2.3.3 Set a screen corner to Start Screen SaverCIS Apple macOS 10.12 L1 v1.2.0Unix

ACCESS CONTROL

2.4.6 Disable DVD or CD SharingCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

3.1.8 Ensure that the admission control policy is not set to AlwaysAdmitCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.1.10 Ensure that the --audit-log-path argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.1.17 Ensure that the --service-account-key-file argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.19 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

7.1 (L2) Virtual machines must enable Secure BootCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

7.4 (L2) Virtual machines should deactivate 3D graphics features when not requiredCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT

8.8 (L2) VMware Tools must deactivate ContainerInfo unless requiredCIS VMware ESXi 8.0 v1.2.0 L2VMware

CONFIGURATION MANAGEMENT

18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.46.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L2 DCWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2022 v4.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 BitLockerWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.9 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member ServerWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.29.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY