CSCv7|18

Title

Application Software Security

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Application Software Security

Audit Items

Name	Plugin	Audit Name
1.2 Ensure 'Host headers' are on all sites	Windows	CIS IIS 10 v1.2.1 Level 1
1.3 Do not use development tools in production	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.3 Ensure 'Directory browsing' is set to Disabled	Windows	CIS IIS 10 v1.2.1 Level 1
1.4 Ensure 'application pool identity' is configured for all application pools	Windows	CIS IIS 10 v1.2.1 Level 1
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.5 OS v1.1.0
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.6 OS v1.0.0
1.4 Ensure systemd Service Files Are Enabled	Unix	CIS PostgreSQL 10 OS v1.0.0
2.1 Ensure 'global authorization rule' is set to restrict access	Windows	CIS IIS 10 v1.2.1 Level 1
2.4 Ensure 'forms authentication' is set to use cookies - Application	Windows	CIS IIS 10 v1.2.1 Level 2
2.4 Ensure 'forms authentication' is set to use cookies - Default	Windows	CIS IIS 10 v1.2.1 Level 2
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default	Windows	CIS IIS 10 v1.2.1 Level 1
2.6 Ensure aufs storage driver is not used	Unix	CIS Docker v1.7.0 L1 Docker - Linux
2.9 Enable user namespace support	Unix	CIS Docker v1.7.0 L2 Docker - Linux
2.10 Ensure the default cgroup usage has been confirmed	Unix	CIS Docker v1.7.0 L2 Docker - Linux
2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate	Unix	CIS Docker v1.7.0 L2 Docker - Linux
3.1 Ensure 'deployment method retail' is set	Windows	CIS IIS 10 v1.2.1 Level 1
3.2 Ensure 'debug' is turned off - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.2 Ensure 'debug' is turned off - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.3 Ensure custom error messages are not off - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.3 Ensure custom error messages are not off - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default	Windows	CIS IIS 10 v1.2.1 Level 1
3.5 Ensure ASP.NET stack tracing is not enabled - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.5 Ensure ASP.NET stack tracing is not enabled - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.6 Ensure 'httpcookie' mode is configured for session state - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.6 Ensure 'httpcookie' mode is configured for session state - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.1 Ensure 'maxAllowedContentLength' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.1 Ensure 'maxAllowedContentLength' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.2 Ensure 'maxURL request filter' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.2 Ensure 'maxURL request filter' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.5 Ensure Double-Encoded requests will be rejected - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
4.5 Ensure Double-Encoded requests will be rejected - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.6 Ensure 'HTTP Trace Method' is disabled - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
4.6 Ensure 'HTTP Trace Method' is disabled - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.7 Ensure Unlisted File Extensions are not allowed - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
4.7 Ensure Unlisted File Extensions are not allowed - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.8 Ensure Handler is not granted Write and Script/Execute - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
4.8 Ensure Handler is not granted Write and Script/Execute - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.9 Ensure 'notListedIsapisAllowed' is set to false	Windows	CIS IIS 10 v1.2.1 Level 1
4.10 Ensure 'notListedCgisAllowed' is set to false	Windows	CIS IIS 10 v1.2.1 Level 1
6.3 Ensure 'Postmaster' Runtime Parameters are Configured	PostgreSQLDB	CIS PostgreSQL 9.5 DB v1.1.0
6.3 Ensure 'Postmaster' Runtime Parameters are Configured	PostgreSQLDB	CIS PostgreSQL 9.6 DB v1.0.0
6.3 Ensure 'Postmaster' Runtime Parameters are Configured	PostgreSQLDB	CIS PostgreSQL 10 DB v1.0.0

Detections

Analytics

CSCv7|18

Title

Reference Item Details

Audit Items