1.1 Ensure a separate user and group exist for Cassandra - group | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
1.1 Ensure a separate user and group exist for Cassandra - passwd | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
1.1 Ensure a separate user and group exist for Cassandra - user exists in group | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
1.2.14 Ensure that the admission control plugin NamespaceLifecycle is set | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
1.2.15 Ensure that the admission control plugin NamespaceLifecycle is set | CIS Kubernetes Benchmark v1.5.1 L1 | Unix | ACCESS CONTROL |
1.2.16 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
1.3.1 Ensure sudo is installed | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | CONFIGURATION MANAGEMENT |
1.3.2 Ensure sudo commands use pty | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
1.3.2 Ensure sudo commands use pty | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
1.3.2 Ensure sudo commands use pty | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | ACCESS CONTROL |
1.5 Ensure the Cassandra service is run as a non-root user | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
1.13 Ensure there is only one active access key available for any single IAM user | CIS Amazon Web Services Foundations L1 1.3.0 | amazon_aws | IDENTIFICATION AND AUTHENTICATION |
1.13 Ensure there is only one active access key available for any single IAM user | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL |
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached - *:* administrative privileges are not attached | CIS Amazon Web Services Foundations L1 1.5.0 | amazon_aws | |
2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
4.1 Ensure that a user for the container has been created | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
5.1.7 Avoid use of system:masters group | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
5.2.1 Ensure sudo is installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
5.2.1 Ensure sudo is installed | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
5.2.2 Ensure sudo commands use pty | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
5.2.2 Ensure sudo commands use pty | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
5.2.2 Ensure sudo commands use pty | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
5.2.2 Ensure sudo commands use pty | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.2.5 Minimize the admission of containers with allowPrivilegeEscalation | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
5.2.6 Minimize the admission of root containers | CIS Kubernetes v1.20 Benchmark v1.0.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
5.7 Ensure access to the su command is restricted - pam_wheel.so | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
5.7 Ensure access to the su command is restricted - wheel group contains root | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
5.7 Ensure access to the su command is restricted - wheel group contains root | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
6.1.1 Create baseline of executables that elevate to a different GUID (Not scored) | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | ACCESS CONTROL |
6.1.3 Create baseline of executables that elevate directly to a new EUID (not scored) | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | ACCESS CONTROL |
6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
6.5 Restrict Access to the su Command - wheel:x:10:root, <user list>' | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
6.10.1.5 Ensure Remote Root-Login is denied via SSH | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | ACCESS CONTROL |
6.11.4 Ensure Console Port is Set as Insecure | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | ACCESS CONTROL |
6.11.5 Ensure Log-out-on-disconnect is Set for Console | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
6.11.5 Ensure Log-out-on-disconnect is Set for Console | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | MAINTENANCE |
7.2 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |