Item Search

NameAudit NamePluginCategory
1.1.2.1 Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure'CIS Windows 8 L1 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

1.1.13 Ensure that the admission control plugin SecurityContextDeny is setCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

ACCESS CONTROL

1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.4 Ensure that the controller manager pod specification file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.6 Ensure that the scheduler pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.6 Ensure that the scheduler pod specification file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.13 Ensure that the admin.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.16 Ensure that the scheduler.conf file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.16 Ensure that the scheduler.conf file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.18 Ensure that the controller-manager.conf file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.18 Ensure that the controller-manager.conf file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.18 Ensure that the controller-manager.conf file ownership is set to root:rootCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.7.1.5 Ensure permissions on /etc/issue are configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

1.7.2 Do not admit containers wishing to share the host process ID namespaceCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.7.3 Do not admit containers wishing to share the host IPC namespaceCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

2.1.1 Ensure that the --allow-privileged argument is set to falseCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

ACCESS CONTROL

2.2.4 Ensure that the kubelet file ownership is set to root:rootCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.8 Ensure that the client certificate authorities file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.2.9 Ensure that the kubelet configuration file ownership is set to root:rootCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.3 Ensure the SharePoint setup account is configured with the minimum privileges in Active Directory.CIS Microsoft SharePoint 2016 OS v1.1.0Windows

ACCESS CONTROL

3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

ACCESS CONTROL

3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never'MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

3.1.3 Require explicit authorization for catalogingCIS IBM DB2 v10 v1.1.0 Windows OS Level 2Windows

ACCESS CONTROL

3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.13 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled'AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L2MDM

CONFIGURATION MANAGEMENT

3.2.1.13 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled'MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L2MDM

CONFIGURATION MANAGEMENT

3.3 Ensure that MongoDB is run using a non-privileged, dedicated service accountCIS MongoDB 3.4 L1 Unix Audit v1.0.0Unix

ACCESS CONTROL

3.4.5 Ensure permissions on /etc/hosts.deny are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

4.1 Ensure device is not obviously jailbrokenAirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

4.1 Ensure device is not obviously jailbrokenMobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

4.5 Verify Active Directory group membership for the 'ESX Admins' groupCIS VMware ESXi 5.1 v1.0.1 Level 1VMware

ACCESS CONTROL

5.1.3 Ensure permissions on /etc/cron.hourly are configuredCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

5.1.7 Ensure permissions on /etc/cron.d are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

5.2.1 Ensure permissions on /etc/ssh/sshd_config are configuredCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0Unix

CONFIGURATION MANAGEMENT

8.5 Remove the toor user.CIS FreeBSD v1.0.5Unix

ACCESS CONTROL

Audit Sensitive Privilege UseMSCT Windows Server v1909 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows 10 v2004 v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server v20H2 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server v2004 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server 2012 R2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server 2019 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Sensitive Privilege UseMSCT Windows Server 2019 MS v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Ensure permissions on /etc/cron.weekly are configuredTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT