Detections
Analytics

CSCv6|3.4

Title

Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels.

Description

Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as SSL, TLS or IPSEC.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.39 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 15 L1 v4.0.1
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 16 L1 v1.1.0
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 16 L1 v1.1.1
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level'WindowsCIS Windows 8 L1 v1.0.0
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes Benchmark v1.5.1 L1
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes Benchmark v1.5.1 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.2.34 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes Benchmark v1.5.1 L1