CSCv7|4

Title

Controlled Use of Administrative Privileges

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

Name	Plugin	Audit Name
1.1 Ensure a separate user and group exist for Cassandra - group	Unix	CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - group	Unix	CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd	Unix	CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd	Unix	CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group	Unix	CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group	Unix	CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1.2 Ensure only trusted users are allowed to control Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.2 Ensure that the API server pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.3.1 Ensure sudo is installed	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.3.1 Ensure sudo is installed	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
1.3.2 Ensure sudo commands use pty	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.3.2 Ensure sudo commands use pty	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
1.5 Ensure the Cassandra service is run as a non-root user	Unix	CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.5 Ensure the Cassandra service is run as a non-root user	Unix	CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.13 Ensure there is only one active access key available for any single IAM user	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.16 Ensure IAM policies that allow full ':' administrative privileges are not attached	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
2.1 Run BIND as a non-root User - process -u named	Unix	CIS BIND DNS v1.0.0 L1 Authoritative Name Server
2.1 Run BIND as a non-root User - process -u named	Unix	CIS BIND DNS v1.0.0 L1 Caching Only Name Server
2.1 Run BIND as a non-root User - UID	Unix	CIS BIND DNS v1.0.0 L1 Caching Only Name Server
2.1 Run BIND as a non-root User - UID	Unix	CIS BIND DNS v1.0.0 L1 Authoritative Name Server
2.1 Run the Docker daemon as a non-root user, if possible	Unix	CIS Docker v1.6.0 L1 Docker Linux

Detections

Analytics

CSCv7|4

Title

Reference Item Details

Audit Items