CSCv7|4.5

Title

Use Multifactor Authentication For All Administrative Access

Description

Use multi-factor authentication and encrypted channels for all administrative account access.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure that multi-factor authentication is enabled for all privileged users	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L1
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.2.1 Set the 'hostname'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.2 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 16 L1 v1.1.2
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 15 L1 v4.1.0
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 17 L1 v1.0.0
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 16 L1 v2.0.0
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 17 L1 v2.0.0
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 16 L1 v1.1.0
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 16 L1 v1.1.1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.6 Ensure Multi-factor Authentication is Required for Azure Management	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.2.6 Ensure Multi-factor Authentication is Required for Azure Management	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.6 Ensure Multifactor Authentication is Required for Windows Azure Service Management API	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.2.34 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.4.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0

Detections

Analytics

CSCv7|4.5

Title

Description

Reference Item Details

Audit Items