CSCv6|5

Title

Controlled Use of Administrative Privileges

Description

Controlled Use of Administrative Privileges

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure that the --allow-privileged argument is set to false	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.3.1 Ensure 'Minimum Password Complexity' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.11 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.11 Ensure 'New Password Differs by Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.9 Ensure 'Developer Options' is set to 'Disabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.9 Ensure 'Developer Options' is set to 'Disabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.11 Do not root your device	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.11 Do not root your device	MDM	AirWatch - CIS Google Android v1.3.0 L1
2.14 Ensure 'sa' Login Account has been renamed	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.14 Ensure 'sa' Login Account has been renamed	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
2.14 Ensure 'sa' Login Account has been renamed	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
2.14 Ensure 'sa' Login Account has been renamed	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.15 Ensure 'sa' Login Account has been renamed	MS_SQLDB	CIS SQL Server 2008 R2 DB Engine L1 v1.7.0
2.18 Ensure containers are restricted from acquiring new privileges	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
18.8.28.1 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker

Detections

Analytics

CSCv6|5

Title

Description

Reference Item Details

Audit Items