1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.3 Dedicated Name Server Role | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
3.1 Ignore Erroneous or Unwanted Queries - Link local addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ignore Erroneous or Unwanted Queries - Link local addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ignore Erroneous or Unwanted Queries - Multicast addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfile | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Connection Timeout | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Connections | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnections | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
5.3 Securely Authenticate Update Forwarding | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.13 Ensure incoming container traffic is binded to a specific host interface | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
5.31 Ensure the Docker socket is not mounted inside any containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
6.1 Hide BIND Version String | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.1 Hide BIND Version String | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
6.2 Hide Nameserver ID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure swarm services are binded to a specific host interface | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
9.2 Ensure KeepAlive Is Enabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
18.4.4 Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing) | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing) | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (Protects against packet spoofing) | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |