CSCv7|16

Title

Account Monitoring and Control

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

Name	Plugin	Audit Name
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.13 Ensure that the admission control plugin ServiceAccount is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.14 Ensure that the admission control plugin ServiceAccount is set	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.14 Ensure that the admission control plugin ServiceAccount is set	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.21 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.22 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.10 Ensure KMS encryption keys are rotated within a period of 90 days	GCP	CIS Google Cloud Platform v1.1.0 L1
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to users	GCP	CIS Google Cloud Platform v1.1.0 L2
1.12 Ensure API Keys Are Not Created for a Project	GCP	CIS Google Cloud Platform v1.3.0 L2
1.12 Ensure API keys are not created for a project	GCP	CIS Google Cloud Platform v1.1.0 L2
1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps	GCP	CIS Google Cloud Platform v1.3.0 L1
1.13 Ensure API keys are restricted to use by only specified Hosts and Apps	GCP	CIS Google Cloud Platform v1.1.0 L1
1.13 Ensure that 'Members can invite' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access	GCP	CIS Google Cloud Platform v1.3.0 L1
1.14 Ensure API keys are restricted to only APIs that application needs access	GCP	CIS Google Cloud Platform v1.1.0 L1
1.14 Ensure that 'Guests can invite' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.15 Ensure API Keys Are Rotated Every 90 Days	GCP	CIS Google Cloud Platform v1.3.0 L1
1.15 Ensure API keys are rotated every 90 days	GCP	CIS Google Cloud Platform v1.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2

Detections

Analytics

CSCv7|16

Title

Reference Item Details

Audit Items