Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.29 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.29 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.2 Ensure access to sensitive site features is restricted to authenticated principals onlyCIS IIS 8.0 v1.5.1 Level 1Windows

ACCESS CONTROL

3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictiveCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:rootCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

3.1.2 Ensure the log destinations are set correctlyCIS PostgreSQL 12 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.2 Ensure the log destinations are set correctlyCIS PostgreSQL 15 DB v1.1.0PostgreSQLDB

AUDIT AND ACCOUNTABILITY

3.1.3 Ensure that the kubelet configuration file has permissions set to 644CIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

3.2.3 Ensure that a Client CA File is ConfiguredCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.6 Ensure that the --make-iptables-util-chains argument is set to trueCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to trueCIS Google Kubernetes Engine (GKE) v1.7.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure that the cluster-admin role is only used where requiredCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

ACCESS CONTROL

4.1.2 Minimize access to secretsCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.1.5 Ensure that Service Account Tokens are only mounted where necessaryCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

4.1.6 Avoid use of system:masters groupCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

ACCESS CONTROL

4.1.8 Avoid bindings to system:anonymousCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL

4.1.10 Avoid non-default bindings to system:authenticatedCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

ACCESS CONTROL

4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces.CIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

4.4.1 Prefer using secrets as files over secrets as environment variablesCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

SYSTEM AND COMMUNICATIONS PROTECTION

4.4.2 Consider external secret storageCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

SYSTEM AND COMMUNICATIONS PROTECTION

4.6.2 Ensure that the seccomp profile is set to RuntimeDefault in the pod definitionsCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT

4.6.3 Apply Security Context to Pods and ContainersCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT

4.6.4 The default namespace should not be usedCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.1 Ensure Image Vulnerability Scanning is enabledCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

RISK ASSESSMENT

5.1.3 Minimize cluster access to read-only for Container Image repositoriesCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

5.1.4 Ensure only trusted container images are usedCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

CONFIGURATION MANAGEMENT

5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE node imagesCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

5.5.4 When creating New Clusters - Automate GKE version management using Release ChannelsCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

5.5.7 Ensure Secure Boot for Shielded GKE Nodes is EnabledCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

RISK ASSESSMENT

5.6.3 Ensure Control Plane Authorized Networks is EnabledCIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL, MEDIA PROTECTION

5.6.5 Ensure clusters are created with Private NodesCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.8.2 Manage Kubernetes RBAC users with Google Groups for GKECIS Google Kubernetes Engine (GKE) v1.7.0 L2GCP

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.10.1 Ensure Kubernetes Web UI is DisabledCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

CONFIGURATION MANAGEMENT

18.9.66.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.66.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.66.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.66.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.66.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.9.66.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.57.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

Allow unencrypted traffic - Service - AllowUnencryptedTrafficMSCT Windows Server 2025 DC v1.0.0Windows

ACCESS CONTROL

Allow unencrypted traffic - Service - AllowUnencryptedTrafficMSCT Windows 11 v24H2 v1.0.0Windows

ACCESS CONTROL

Allow unencrypted traffic - Service - AllowUnencryptedTrafficMSCT Windows Server v1909 DC v1.0.0Windows

ACCESS CONTROL

Allow unencrypted traffic - Service - AllowUnencryptedTrafficMSCT Windows Server v2004 MS v1.0.0Windows

ACCESS CONTROL

Allow unencrypted traffic - WinRM ServiceMSCT Windows Server 2019 DC v1.0.0Windows

ACCESS CONTROL

Configure Controlled folder accessMSCT Windows 11 v23H2 v1.0.0Windows
Firewall Filter - Rate-limit authorized protocols using policersJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

SRG-OS-000266-ESXI5 - The system must require that passwords contain at least one special character.DISA STIG VMWare ESXi Server 5 STIG v2r1VMware

IDENTIFICATION AND AUTHENTICATION