CSCv7|12

Title

Boundary Defense

Reference Item Details

Category: Boundary Defense

Audit Items

Name | Plugin | Audit Name
1.1 Use a Split-Horizon Architecture | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.1 Use a Split-Horizon Architecture | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.3.10 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
3.5 Ensure proxy-arp is disabled | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
3.5 Ensure proxy-arp is disabled | Juniper | CIS Juniper OS Benchmark v2.0.0 L2
3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks) | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks) | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks) | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks) | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
4.1.4 Ensure Bogon Filtering is set (where EBGP is used) | Juniper | CIS Juniper OS Benchmark v2.0.0 L2
4.1.4 Ensure Bogon Filtering is set (where EBGP is used) | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
4.1.5 Ensure Ingress Filtering is set for EBGP peers | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
4.1.5 Ensure Ingress Filtering is set for EBGP peers | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
4.1.6 Ensure RPKI is set for Origin Validation of EBGP peers | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
4.6.1 Create administrative boundaries between resources using namespaces | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1
5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master
5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L2
5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L2
5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L2
5.6.5 Ensure clusters are created with Private Nodes | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1
5.6.5 Ensure clusters are created with Private Nodes | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master
5.6.5 Ensure clusters are created with Private Nodes | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L1
5.6.5 Ensure clusters are created with Private Nodes | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L1
5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minute | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minute | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
5.7.1 Create administrative boundaries between resources using namespaces | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
5.9 Ensure that the host's network namespace is not shared | Unix | CIS Docker v1.3.1 L1 Docker Linux
5.9 Ensure that the host's network namespace is not shared | Unix | CIS Docker v1.5.0 L1 Docker Linux
5.10 Ensure that the host's network namespace is not shared | Unix | CIS Docker v1.6.0 L1 Docker Linux
5.10.6 Enable Cloud Security Command Center (Cloud SCC) | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master
5.30 Ensure that the host's user namespaces are not shared | Unix | CIS Docker v1.5.0 L1 Docker Linux
5.30 Ensure that the host's user namespaces are not shared | Unix | CIS Docker v1.3.1 L1 Docker Linux
5.31 Ensure that the host's user namespaces are not shared | Unix | CIS Docker v1.6.0 L1 Docker Linux
6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
6.17 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1