Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.19 Ensure that the --token-auth-file parameter is not setCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.32 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.4.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - ca-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.2 Ensure that the --client-cert-auth argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.7 Ensure that the --wal-dir argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

2.1.1 Ensure that the --allow-privileged argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.5 Ensure that the --read-only-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure that the --cadvisor-port argument is set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.1.14 Ensure that the RotateKubeletClientCertificate argument is not set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT

5.2 Ensure External File System Access is disabled - enable file accessCIS Sybase 15.0 L1 DB v1.1.0SybaseDB
18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 8.1 v2.4.1 L1 BitlockerWindows

MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

18.8.48.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'CIS Microsoft Windows 10 Enterprise v4.0.0 BLWindows

MEDIA PROTECTION

18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2016 v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 Stand-alone v3.0.0 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.44.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.44.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NGWindows

SYSTEM AND INFORMATION INTEGRITY

CIS_Amazon_Linux_2023_v1.0.0_L2_Server.audit from CIS Amazon Linux 2023 Benchmark v1.0.0CIS Amazon Linux 2023 Server L2 v1.0.0Unix
CIS_Apache_Tomcat_8_L1_v1.1.0.audit from CIS Apache Tomcat 8 BenchmarkCIS Apache Tomcat 8 L1 v1.1.0Unix
CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit from CIS Debian Linux 11 Benchmark v2.0.0CIS Debian Linux 11 v2.0.0 L1 WorkstationUnix
CIS_Debian_Linux_12_v1.1.0_L1_Server.audit from CIS Debian Linux 12 Benchmark v1.1.0CIS Debian Linux 12 v1.1.0 L1 ServerUnix
CIS_Debian_Linux_12_v1.1.0_L2_Server.audit from CIS Debian Linux 12 Benchmark v1.1.0CIS Debian Linux 12 v1.1.0 L2 ServerUnix
CIS_IBM_DB2_9_Benchmark_v3.0.1_Level_2_OS_Windows.audit from CIS IBM DB2 9 Benchmark v3.0.1CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS WindowsWindows
CIS_MongoDB_3.2_Benchmark_Level_1_OS_Unix_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0CIS MongoDB 3.2 L1 Unix Audit v1.0.0Unix
CIS_MongoDB_3.2_Benchmark_Level_2_OS_Unix_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0CIS MongoDB 3.2 L2 Unix Audit v1.0.0Unix
CIS_MongoDB_3.4_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB 3.4 Benchmark v1.0.0CIS MongoDB 3.4 L1 Windows Audit v1.0.0Windows
CIS_Oracle_Linux_7_v4.0.0_L2_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0CIS Oracle Linux 7 v4.0.0 L2 WorkstationUnix
CIS_Oracle_Linux_9_v2.0.0_L2_Workstation.audit from CIS Oracle Linux 9 Benchmark v2.0.0CIS Oracle Linux 9 v2.0.0 L2 WorkstationUnix
CIS_Rocky_Linux_9_v2.0.0_L1_Server.audit from CIS Rocky Linux 9 Benchmark v2.0.0CIS Rocky Linux 9 v2.0.0 L1 ServerUnix
CIS_Rocky_Linux_9_v2.0.0_L1_Workstation.audit from CIS Rocky Linux 9 Benchmark v2.0.0CIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix
CIS_Ubuntu_20.04_LTS_v2.0.1_L2_Server.audit from CIS Ubuntu Linux 20.04 LTS BenchmarkCIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1Unix
CIS_Ubuntu_20.04_LTS_v2.0.1_L2_Workstation.audit from CIS Ubuntu Linux 20.04 LTS BenchmarkCIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1Unix
CIS_VMware_ESXi_6.5_v1.0.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.5 v1.0.0 benchmarkCIS VMware ESXi 6.5 v1.0.0 Level 2 Bare MetalUnix
CIS_VMware_ESXi_7.0_v1.4.0_L1_Bare_Metal.audit from CIS VMware ESXi 7.0 Benchmark v1.4.0CIS VMware ESXi 7.0 v1.4.0 L1 Bare MetalUnix