CSCv7|18

Title

Application Software Security

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Application Software Security

Audit Items

Name	Plugin	Audit Name
1.2 Ensure 'Host headers' are on all sites	Windows	CIS IIS 10 v1.2.1 Level 1
1.3 Do not use development tools in production	Unix	CIS Docker 1.6 v1.0.0 L1 Linux
1.3 Ensure 'Directory browsing' is set to Disabled	Windows	CIS IIS 10 v1.2.1 Level 1
1.4 Ensure 'application pool identity' is configured for all application pools	Windows	CIS IIS 10 v1.2.1 Level 1
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.5 OS v1.1.0
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.6 OS v1.0.0
1.4 Ensure systemd Service Files Are Enabled	Unix	CIS PostgreSQL 10 OS v1.0.0
2.1 Ensure 'global authorization rule' is set to restrict access	Windows	CIS IIS 10 v1.2.1 Level 1
2.4 Ensure 'forms authentication' is set to use cookies - Application	Windows	CIS IIS 10 v1.2.1 Level 2
2.4 Ensure 'forms authentication' is set to use cookies - Default	Windows	CIS IIS 10 v1.2.1 Level 2
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default	Windows	CIS IIS 10 v1.2.1 Level 1
2.6 Ensure aufs storage driver is not used	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile hard	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile soft	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.8 Ensure the default ulimit is configured appropriately - daemon.json nproc hard	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.8 Ensure the default ulimit is configured appropriately - daemon.json nproc soft	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.8 Ensure the default ulimit is configured appropriately - ps	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.9 Enable user namespace support - /etc/subgid	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.9 Enable user namespace support - /etc/subuid	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.9 Enable user namespace support - SecurityOptions	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.10 Ensure the default cgroup usage has been confirmed - daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.10 Ensure the default cgroup usage has been confirmed - dockerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.11 Ensure base device size is not changed until needed - daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.11 Ensure base device size is not changed until needed - dockerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.15 Ensure live restore is enabled	Unix	CIS Docker v1.6.0 L1 Docker Linux
2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate	Unix	CIS Docker v1.6.0 L2 Docker Linux
2.18 Ensure that experimental features are not implemented in production	Unix	CIS Docker v1.6.0 L1 Docker Linux
3.1 Ensure 'deployment method retail' is set	Windows	CIS IIS 10 v1.2.1 Level 1
3.2 Ensure 'debug' is turned off - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.2 Ensure 'debug' is turned off - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.3 Ensure custom error messages are not off - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.3 Ensure custom error messages are not off - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default	Windows	CIS IIS 10 v1.2.1 Level 1
3.5 Ensure ASP.NET stack tracing is not enabled - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.5 Ensure ASP.NET stack tracing is not enabled - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.6 Ensure 'httpcookie' mode is configured for session state - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
3.6 Ensure 'httpcookie' mode is configured for session state - Default	Windows	CIS IIS 10 v1.2.1 Level 2
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications	Windows	CIS IIS 10 v1.2.1 Level 1
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default	Windows	CIS IIS 10 v1.2.1 Level 1
4.1 Ensure 'maxAllowedContentLength' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.1 Ensure 'maxAllowedContentLength' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.2 Ensure 'maxURL request filter' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.2 Ensure 'maxURL request filter' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications	Windows	CIS IIS 10 v1.2.1 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Default	Windows	CIS IIS 10 v1.2.1 Level 2
4.10 Ensure 'notListedCgisAllowed' is set to false	Windows	CIS IIS 10 v1.2.1 Level 1

Detections

Analytics

CSCv7|18

Title

Reference Item Details

Audit Items