CSCv7|14

Title

Controlled Access Based on the Need to Know

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.11.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.12.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.13.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.6 v1.0.0 L1 Linux |
| 1.1 Ensure 'Web content' is on non-system partition | Windows | CIS IIS 10 v1.2.1 Level 1 |
| 1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.6.0 L1 Docker Linux |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 |
| 1.3 Ensure device is physically secured | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 1.22 Ensure access to AWSCloudShellFullAccess is restricted | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 4.8 Ensure S3 bucket policy changes are monitored | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 5.18 Ensure that host devices are not directly exposed to containers | Unix | CIS Docker v1.6.0 L1 Docker Linux |
| 6.1.10 Ensure no world writable files exist | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 6.1.10 Ensure no world writable files exist | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L2 |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |