1.2.2 Ensure that the --basic-auth-file argument is not set - openshift-kube-apiserver | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.2 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes Benchmark v1.9.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.2 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.3 Ensure that the --DenyServiceExternalIPs is not set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.3 Ensure that the --DenyServiceExternalIPs is not set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.3 Ensure that the --token-auth-file parameter is not set - KubeApiServers | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.3 Ensure that the --token-auth-file parameter is not set - openshift-apiserver | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.3 Ensure that the DenyServiceExternalIPs is set | CIS Kubernetes Benchmark v1.9.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.3 (L1) Host hardware must enable Intel TXT, if available | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.4 (L1) Host hardware must enable and configure a TPM 2.0 | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.5 (L1) Host integrated hardware management controller must be secure | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.6 (L1) Host integrated hardware management controller must enable time synchronization | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.9 (L2) Host hardware must enable AMD SEV-ES, if available | CIS VMware ESXi 8.0 v1.1.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.10 (L2) Host hardware must enable Intel SGX, if available | CIS VMware ESXi 8.0 v1.1.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
2.6.7 Audit Lockdown Mode | CIS Apple macOS 13.0 Ventura v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
2.11 (L1) Host must use sufficient entropy for cryptographic operations | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
2.12 (L2) Host must enable volatile key destruction | CIS VMware ESXi 8.0 v1.1.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
3.24 (L1) Host must display a login banner for the DCUI and Host Client | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
3.25 (L1) Host must display a login banner for SSH connections | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.3.3 daemon | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
4.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Google Kubernetes Engine (GKE) v1.5.0 L2 | GCP | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.1 OpenSSH: Minimum version is 8.1 | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.4 sshd_config: Restrict users and groups allowed access via OpenSSH | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.6 sshd_config: Banner exists and message contains 'Only authorized users allowed' | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.10 sshd_config: LogLevel is 'INFO' or 'VERBOSE' | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.11 sshd_config: sftp-server arguments include '-u 027 -f AUTH -l INFO' | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.12 sshd_config: MaxAuthTries is '4' | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.13 sshd_config: PermitUserEnvironment is 'no' | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
4.5.3.16 sshd_config, ssh_config: Ciphers | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.2.10 Ensure no users have .netrc files | CIS SUSE Linux Enterprise Server 12 L1 v3.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.2.10 Ensure no users have .netrc files | CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.2.10 Ensure no users have .netrc files | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.2.10 Ensure no users have .netrc files | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings | CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
7.1 (L1) Virtual machines must enable Secure Boot | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
8.3.3 (L1) Ensure secure protocols are used for virtual serial port access | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
8.3.3 Ensure secure protocols are used for virtual serial port access | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
8.4 (L1) VMware Tools on deployed virtual machines must prevent being recustomized | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
8.6 (L1) VMware Tools must limit the automatic removal of features | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
Big Sur - Verify remote disconnection of sessions | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | MAINTENANCE |
Catalina - Verify remote disconnection of sessions | NIST macOS Catalina v1.5.0 - All Profiles | Unix | MAINTENANCE |
Monterey - Verify remote disconnection of sessions | NIST macOS Monterey v1.0.0 - All Profiles | Unix | MAINTENANCE |