Detections
Analytics

CSCv6|14

Title

Controlled Access Based on the Need to Know

Description

Controlled Access Based on the Need to Know

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure that the --anonymous-auth argument is set to falseUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.1 Ensure that the --anonymous-auth argument is set to falseUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.1 Ensure that the --anonymous-auth argument is set to falseUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.2 Ensure that the --anonymous-auth argument is set to falseUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.3.8.4 Set 'Microsoft network server: Server SPN target name validation level' to 'Accept if provided by client'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.1 Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.5 Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.6 Set 'Network access: Sharing and security model for local accounts' to 'Classic - local users authenticate as themselves'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.3 Configure Network access: Shares that can be accessed anonymouslyWindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.3 Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.4 Set 'Network security: Allow LocalSystem NULL session fallback' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.7 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.8 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.8 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.8 Ensure that the --repair-malformed-updates argument is set to falseUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.9 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.9 Ensure that the --repair-malformed-updates argument is set to falseUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.9 Ensure that the --repair-malformed-updates argument is set to falseUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.9 Ensure that the admission control policy is not set to AlwaysAdmitUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.10 Ensure that the --repair-malformed-updates argument is set to falseUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.10 Ensure that the admission control plugin AlwaysAdmit is not setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.10 Ensure that the admission control plugin AlwaysAdmit is not setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.11 Ensure that the admission control policy is not set to AlwaysAdmitUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.12 Ensure that the admission control plugin DenyEscalatingExec is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.13 Ensure that the admission control policy is set to DenyEscalatingExecUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.13 Ensure that the admission control policy is set to NamespaceLifecycleUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.14 Ensure that the admission control plugin NamespaceLifecycle is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.14 Ensure that the admission control plugin NamespaceLifecycle is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.15 Ensure that the admission control policy is set to NamespaceLifecycleUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.24 Ensure that the admission control plugin PodSecurityPolicy is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.24 Ensure that the admission control plugin PodSecurityPolicy is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.24 Ensure that the admission control policy is set to PodSecurityPolicyUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.25 Ensure that the admission control policy is set to PodSecurityPolicyUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.32 Ensure that the admission control policy is set to NodeRestrictionUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.33 Ensure that the admission control plugin NodeRestriction is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.33 Ensure that the admission control plugin NodeRestriction is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.33 Ensure that the admission control policy is set to NodeRestrictionUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.1 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.2.1 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.1 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.1 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.3 Ensure specific whitelisted IP addresses, IP address ranges, and/or domains are setWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.3 Ensure specific whitelisted IP addresses, IP address ranges, and/or domains are setWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1