Item Search

NameAudit NamePluginCategory
1.2 Do Not Install a Multi-Use System - chkconfigCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

1.2 Do Not Install a Multi-Use System - chkconfigCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

1.2 Do Not Install a Multi-Use System - systemctlCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

1.2 Do Not Install a Multi-Use System - systemctlCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriateCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriateCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriateCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not usedCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

SYSTEM AND SERVICES ACQUISITION

1.3 Dedicated Name Server RoleCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

1.3 Dedicated Name Server RoleCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management ServicesCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure network traffic is restricted between containers on the default bridgeCIS Docker v1.6.0 L1 Docker LinuxUnix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all ProtocolsCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL

2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabledCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Link local addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Multicast addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - Multicast addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addressesCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addressesCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.2.5 Disable IP Source-RoutingCIS Cisco NX-OS L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure interface description is setCIS Juniper OS Benchmark v2.1.0 L1Juniper

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

3.4 Restrict Queries of the Cache - Authoritative OnlyCIS BIND DNS v1.0.0 L1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

3.4 Restrict Queries of the Cache - Caching OnlyCIS BIND DNS v1.0.0 L1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

3.5.2 Configure FCoE ZoningCIS Cisco NX-OS L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.13 Ensure VPN traffic goes through the relevant ACLCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

3.16 Configure Mail Transfer Agent for Local-Only Mode - O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTACIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

4.12.1 Ensure LLDP is Disabled if not RequiredCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT

4.12.2 Ensure LLDP-MED is Disabled if not RequiredCIS Juniper OS Benchmark v2.1.0 L2Juniper

CONFIGURATION MANAGEMENT

6.10.9 Ensure Finger Service is Not SetCIS Juniper OS Benchmark v2.1.0 L1Juniper

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

7.2 Ensure that swarm services are bound to a specific host interfaceCIS Docker v1.6.0 L1 Docker SwarmUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.5 Firewall ConsiderationCIS Apple macOS 10.13 L2 v1.1.0Unix

CONFIGURATION MANAGEMENT

7.5 Firewall ConsiderationCIS Apple macOS 10.12 L2 v1.2.0Unix

CONFIGURATION MANAGEMENT

9.1 Ensure the TimeOut Is Set to 10 or LessCIS Apache HTTP Server 2.4 L1 v2.1.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure the TimeOut Is Set to 10 or LessCIS Apache HTTP Server 2.4 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION