CSCv6|3

Title

Secure Configurations for Hardware and Software

Description

Secure Configurations for Hardware and Software

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.8.2 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.25 Ensure that the --service-account-key-file argument is set as appropriate	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.25 Ensure that the --service-account-key-file argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.25 Ensure that the --service-account-key-file argument is set as appropriate	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.26 Ensure that the --service-account-key-file argument is set as appropriate	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2 Ensure the container host has been Hardened	Unix	CIS Docker Community Edition v1.1.0 L1 Linux Host OS
1.3.6 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.3.6 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.2 Create Pod Security Policies for your cluster	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.6.2 Create Pod Security Policies for your cluster	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.6.5 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.5 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.6 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.6.6 Apply Security Context to Your Pods and Containers	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.13 Ensure 'Lock SIM card' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L2
1.13 Ensure 'Lock SIM card' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L2
2.1.6 Ensure that the --protect-kernel-defaults argument is set to true	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.7 Ensure that the --protect-kernel-defaults argument is set to true	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.7 Ensure that the --protect-kernel-defaults argument is set to true	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
2.1.7 Ensure that the --protect-kernel-defaults argument is set to true	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.1.8 Ensure that the --hostname-override argument is not set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.9 Ensure that the --hostname-override argument is not set	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
2.1.10 Ensure that the --hostname-override argument is not set	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.10 Ensure that the --hostname-override argument is not set	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
3.1.1 Ensure IP forwarding is disabled - ipv4 /etc/sysctl.conf /etc/sysctl.d/*	Unix	CIS Debian 8 Workstation L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv4 /etc/sysctl.conf /etc/sysctl.d/*	Unix	CIS Debian 8 Server L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv4 sysctl	Unix	CIS Debian 8 Server L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv4 sysctl	Unix	CIS Debian 8 Workstation L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv6 /etc/sysctl.conf /etc/sysctl.d/*	Unix	CIS Debian 8 Workstation L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv6 /etc/sysctl.conf /etc/sysctl.d/*	Unix	CIS Debian 8 Server L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl	Unix	CIS Debian 8 Workstation L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl	Unix	CIS Debian 8 Server L1 v2.0.2
3.1.1 Ensure IP forwarding is disabled - sysctl ipv4	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl ipv4	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl ipv6	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl ipv6	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv4	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv4	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv6	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv6	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.all.send_redirects (sysctl.conf/sysctl.d)	Unix	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0

Detections

Analytics

CSCv6|3

Title

Description

Reference Item Details

Audit Items