CSCv7|14

Title

Controlled Access Based on the Need to Know

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

Name	Plugin	Audit Name
1.1 Create a separate partition for containers	Unix	CIS Docker 1.11.0 v1.0.0 L1 Linux
1.1 Create a separate partition for containers	Unix	CIS Docker 1.12.0 v1.0.0 L1 Linux
1.1 Create a separate partition for containers	Unix	CIS Docker 1.13.0 v1.0.0 L1 Linux
1.1 Create a separate partition for containers	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.1 Ensure 'Web content' is on non-system partition	Windows	CIS IIS 10 v1.2.1 Level 1
1.1 Ensure 'Web content' is on non-system partition	Windows	CIS IIS 10 v1.2.0 Level 1
1.1 Ensure a separate partition for containers has been created	Unix	CIS Docker Community Edition v1.1.0 L1 Linux Host OS
1.1 Ensure web content is on non-system partition	Windows	CIS IIS 10 v1.1.0 Level 1
1.1 Ensure web content is on non-system partition	Windows	CIS IIS 10 v1.1.1 Level 1
1.1.1 Ensure a separate partition for containers has been created	Unix	CIS Docker v1.5.0 L1 Linux Host OS
1.1.1 Ensure a separate partition for containers has been created	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.1 Ensure a separate partition for containers has been created	Unix	CIS Docker v1.3.1 L1 Linux Host OS
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	Unix	CIS MySQL 8.0 Enterprise Linux OS L1 v1.2.1
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	Unix	CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	Unix	CIS MySQL 8.0 Enterprise Linux OS L1 v1.1.0
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	Unix	CIS MySQL 8.0 Community Linux OS L1 v1.0.0
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	Unix	CIS MySQL 8.0 Enterprise Linux OS L1 v1.0.0
1.2.1 Ensure that the --anonymous-auth argument is set to false	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.1 Ensure that the --anonymous-auth argument is set to false	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.10 Ensure that the admission control plugin AlwaysAdmit is not set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.11 Ensure that the admission control plugin AlwaysAdmit is not set	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.11 Ensure that the admission control plugin AlwaysAdmit is not set	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.20 Ensure that the --profiling argument is set to false	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.21 Ensure that the --profiling argument is set to false	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.21 Ensure that the --profiling argument is set to false	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.3 Ensure device is physically secured	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
1.3 Ensure device is physically secured	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.13 Ensure that 'Members can invite' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.14 Ensure that 'Guests can invite' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L1
1.17 Ensure a support role has been created to manage incidents with AWS Support	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.17 Ensure a support role has been created to manage incidents with AWS Support	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.17 Ensure a support role has been created to manage incidents with AWS Support	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.17 Ensure a support role has been created to manage incidents with AWS Support	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.17 Ensure a support role has been created to manage incidents with AWS Support	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.20 Ensure that IAM Access analyzer is enabled for all regions	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.20 Ensure that IAM Access analyzer is enabled for all regions	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.20 Ensure that IAM Access analyzer is enabled for all regions	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.20 Ensure that IAM Access analyzer is enabled for all regions	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.21 Ensure that IAM Access analyzer is enabled	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.22 Ensure access to AWSCloudShellFullAccess is restricted	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'	MDM	AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1
2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'	MDM	AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'	MDM	MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1
2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'	MDM	MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1
2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones	Palo_Alto	CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1

Detections

Analytics

CSCv7|14

Title

Reference Item Details

Audit Items