Item Search

NameAudit NamePluginCategory
1.1 Create a separate partition for containersCIS Docker 1.11.0 v1.0.0 L1 LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Create a separate partition for containersCIS Docker 1.12.0 v1.0.0 L1 LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Create a separate partition for containersCIS Docker 1.13.0 v1.0.0 L1 LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Create a separate partition for containersCIS Docker 1.6 v1.0.0 L1 LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Ensure 'Web content' is on non-system partitionCIS IIS 10 v1.2.1 Level 1Windows

ACCESS CONTROL

1.1 Ensure a separate partition for containers has been createdCIS Docker Community Edition v1.1.0 L1 Linux Host OSUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1 Ensure a separate partition for containers has been createdCIS Docker v1.6.0 L1 Docker LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/ServiceCIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0Unix

ACCESS CONTROL

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/ServiceCIS MySQL 8.0 Community Linux OS L1 v1.0.0Unix

ACCESS CONTROL

1.3 Ensure device is physically securedCIS Juniper OS Benchmark v2.1.0 L1Juniper

ACCESS CONTROL

1.17 Ensure a support role has been created to manage incidents with AWS SupportCIS Amazon Web Services Foundations L1 3.0.0amazon_aws

INCIDENT RESPONSE

1.20 Ensure that IAM Access analyzer is enabled for all regionsCIS Amazon Web Services Foundations L1 3.0.0amazon_aws

ACCESS CONTROL, MEDIA PROTECTION

1.22 Ensure access to AWSCloudShellFullAccess is restrictedCIS Amazon Web Services Foundations L1 3.0.0amazon_aws

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zonesCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL

2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zonesCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.4 Ensure that Cassandra is run using a non-privileged, dedicated service accountCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0Unix

ACCESS CONTROL

3.4 Ensure that Cassandra is run using a non-privileged, dedicated service accountCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0Unix

ACCESS CONTROL

4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

4.2.7 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

CONFIGURATION MANAGEMENT

4.2.7 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

CONFIGURATION MANAGEMENT

4.2.7 Ensure that the --make-iptables-util-chains argument is set to trueCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

CONFIGURATION MANAGEMENT

4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesAirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesMobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesMobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesAirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

4.8 Ensure S3 bucket policy changes are monitoredCIS Amazon Web Services Foundations L1 3.0.0amazon_aws

AUDIT AND ACCOUNTABILITY

5.1.2 Minimize access to secretsCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

5.1.2 Minimize access to secretsCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

5.1.2 Minimize access to secretsCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL

5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterrolesCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterrolesCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterrolesCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.3 Minimize wildcard use in Roles and ClusterRoles - rolesCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.3 Minimize wildcard use in Roles and ClusterRoles - rolesCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.3 Minimize wildcard use in Roles and ClusterRoles - rolesCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.4 Minimize access to create podsCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.4 Minimize access to create podsCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.4 Minimize access to create podsCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.18 Ensure that host devices are not directly exposed to containersCIS Docker v1.6.0 L1 Docker LinuxUnix

ACCESS CONTROL

6.1.10 Ensure no world writable files existCIS Debian 9 Server L1 v1.0.1Unix

ACCESS CONTROL

6.1.10 Ensure no world writable files existCIS Debian 9 Workstation L1 v1.0.1Unix

ACCESS CONTROL

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0Palo_Alto

ACCESS CONTROL

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 9 v1.1.0 L2Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION