Item Search

NameAudit NamePluginCategory
1.1 Ensure 'Web content' is on non-system partitionCIS IIS 10 v1.2.0 Level 1Windows
1.1 Ensure web content is on non-system partitionCIS IIS 10 v1.1.1 Level 1Windows
1.1.1 Ensure a separate partition for containers has been createdCIS Docker v1.5.0 L1 Linux Host OSUnix
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/ServiceCIS MySQL 8.0 Enterprise Linux OS L1 v1.2.1Unix
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/ServiceCIS MySQL 8.0 Enterprise Linux OS L1 v1.1.0Unix
1.2.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes Benchmark v1.6.1 L1 MasterUnix
1.2.11 Ensure that the admission control plugin AlwaysAdmit is not setCIS Kubernetes Benchmark v1.6.1 L1 MasterUnix
1.3 Ensure device is physically securedCIS Juniper OS Benchmark v2.0.0 L1Juniper
1.14 Ensure that 'Guests can invite' is set to 'No'CIS Microsoft Azure Foundations v1.3.1 L2microsoft_azure
1.17 Ensure a support role has been created to manage incidents with AWS SupportCIS Amazon Web Services Foundations L1 1.5.0amazon_aws
1.17 Ensure a support role has been created to manage incidents with AWS SupportCIS Amazon Web Services Foundations L1 1.4.0amazon_aws
1.17 Ensure a support role has been created to manage incidents with AWS SupportCIS Amazon Web Services Foundations L1 2.0.0amazon_aws
1.20 Ensure that IAM Access analyzer is enabled for all regionsCIS Amazon Web Services Foundations L1 1.5.0amazon_aws
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Google Kubernetes Engine (GKE) v1.1.0 L1 WorkerUnix
4.1.9 Minimize access to create persistent volumesCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP
4.1.10 Minimize access to the proxy sub-resource of nodesCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP
4.1.11 Minimize access to the approval sub-resource of certificatesigningrequests objectsCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP
4.1.12 Minimize access to webhook configuration objectsCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP
4.1.13 Minimize access to the service account token creationCIS Google Kubernetes Engine (GKE) v1.5.0 L1GCP
4.2.6 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes Benchmark v1.7.1 L1 WorkerUnix
4.2.6 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes Benchmark v1.8.0 L1 WorkerUnix
5.1.2 Minimize access to secretsCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.2 Minimize access to secretsCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.3 Minimize wildcard use in Roles and ClusterRolesCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterrolesCIS Kubernetes Benchmark v1.8.0 L1 WorkerUnix
5.1.3 Minimize wildcard use in Roles and ClusterRoles - rolesCIS Kubernetes Benchmark v1.8.0 L1 WorkerUnix
5.1.4 Minimize access to create podsCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.4 Minimize access to create podsCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.9 Minimize access to create persistent volumesCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.9 Minimize access to create persistent volumesCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.10 Minimize access to the proxy sub-resource of nodesCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.10 Minimize access to the proxy sub-resource of nodesCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.11 Minimize access to the approval sub-resource of certificatesigningrequests objectsCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.11 Minimize access to the approval sub-resource of certificatesigningrequests objectsCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.12 Minimize access to webhook configuration objectsCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.12 Minimize access to webhook configuration objectsCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.1.13 Minimize access to the service account token creationCIS Kubernetes Benchmark v1.7.1 L1 MasterUnix
5.1.13 Minimize access to the service account token creationCIS Kubernetes Benchmark v1.8.0 L1 MasterUnix
5.17 Ensure that host devices are not directly exposed to containersCIS Docker v1.5.0 L1 Docker LinuxUnix
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.1.0 L2Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 9 v1.0.1 L2Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.1.0 L1Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.0.0 L1Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 9 v1.0.1 L1Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 10 v1.0.0 L2Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 11 v1.0.0 L1Palo_Alto
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 11 v1.0.0 L2Palo_Alto
8.3 Ensure that Resource Locks are set for mission critical Azure resourcesCIS Microsoft Azure Foundations v1.3.1 L2microsoft_azure
8.5 Enable role-based access control (RBAC) within Azure Kubernetes ServicesCIS Microsoft Azure Foundations v1.3.1 L1microsoft_azure
9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'CIS Microsoft Azure Foundations v1.3.1 L2microsoft_azure