800-53|SA-15

Title

DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

Description

The organization:

Supplemental

Development tools include, for example, programming languages and computer-aided design (CAD) systems. Reviews of development processes can include, for example, the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes enables accurate supply chain risk assessment and mitigation, and requires robust configuration control throughout the life cycle (including design, development, transport, delivery, integration, and maintenance) to track authorized changes and prevent unauthorized changes.

Reference Item Details

Related: SA-3, SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P2

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.5 Ensure that the kubelet uses certificates to authenticate | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.6 Verify that the kubelet certificate authority is set as appropriate | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.15 Ensure that the admission control plugin NodeRestriction is set | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.16 Ensure that the --insecure-bind-address argument is not set | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.17 Ensure that the --insecure-port argument is set to 0 | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 2.3.27.12 Ensure 'Encryption mode for Information Rights Management (IRM)' is set to 'Enabled: Cipher Block Chaining (CBC)' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1 |
| 2.3.27.13 Ensure 'Encryption type for password protected Office 97-2003 files' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1 |
| 2.3.27.14 Ensure 'Encryption type for password protected Office Open XML files' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1 |
| 2.5.1.2.1 Ensure 'Authentication with Exchange server' is set to 'Enabled: Kerberos Password Authentication' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1 |
| 2.7 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 |
| 2.7 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 5.6 Community Database L2 v2.0.0 |
| 2.10 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 5.6 Community Database L2 v2.0.0 |
| 2.10 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | Unix | CIS MariaDB 10.6 on Linux L2 v1.1.0 |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MariaDB 10.6 Database L2 v1.1.0 |
| 2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 8.0 Community Database L2 v1.0.0 |
| 2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0 |
| 2.12 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MariaDB 10.6 Database L2 v1.1.0 |
| 2.12 Ensure Only Approved Ciphers are Used | Unix | CIS MariaDB 10.6 on Linux L2 v1.1.0 |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0 |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 |
| 2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0 |
| 2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | MySQLDB | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 |
| 2.14 Ensure Only Approved Ciphers are Used - tls_ciphersuites | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0 |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0 |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 8.0 Community Database L2 v1.0.0 |
| 2.17 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0 |
| 2.17 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 8.0 Community Database L2 v1.0.0 |