Detections
Analytics

CSCv7|14.6

Title

Protect Information through Access Control Lists

Description

Protect all information stored on systems with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principle that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictiveUnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.10 Ensure separate partition exists for /varUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.10 Ensure separate partition exists for /varUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.10 Ensure separate partition exists for /varUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 600UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 600UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 600UnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.13 Ensure that the admin.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.13 Ensure that the admin.conf file permissions are set to 644UnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 644 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.13 Ensure that the default administrative credential file permissions are set to 600UnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.13 Ensure that the kubeconfig file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.13 Ensure that the kubeconfig file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.15 Ensure that the Scheduler kubeconfig file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.15 Ensure that the Scheduler kubeconfig file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictiveUnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.17 Ensure that the Controller Manager kubeconfig file permissions are set to 600 or more restrictiveOpenShiftCIS RedHat OpenShift Container Platform 4 v1.4.0 L1