Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.8 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.1.11 Ensure that the admission control policy is set to DenyEscalatingExecCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.14 Ensure that the admission control plugin NamespaceLifecycle is setCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

ACCESS CONTROL

1.1.15 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

ACCESS CONTROL

1.1.25 Ensure that the admission control policy is set to PodSecurityPolicyCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

ACCESS CONTROL

1.1.32 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

1.1.33 Ensure that the admission control policy is set to NodeRestrictionCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

ACCESS CONTROL

1.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

CONFIGURATION MANAGEMENT

1.3.2 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

CONFIGURATION MANAGEMENT

1.3.2 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix
1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix
1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix
1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcdCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix
1.5.7 Ensure that the --wal-dir argument is set as appropriateCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

AUDIT AND ACCOUNTABILITY

2.1.2 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.13 Benchmark v1.4.1 L1Unix

ACCESS CONTROL

2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

2.4 Ensure SharePoint provides the ability to prohibit the transfer of unsanctioned information in accordance with security policy.CIS Microsoft SharePoint 2016 OS v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

3.1.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.1.7 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1Unix

CONFIGURATION MANAGEMENT

3.1.9 Ensure that the admission control policy is set to NamespaceLifecycleCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

ACCESS CONTROL

3.2.1 Ensure that the --profiling argument is set to falseCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

CONFIGURATION MANAGEMENT

3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

CONFIGURATION MANAGEMENT

3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

4.2 Include Cryptographic Key FilesCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

CONFIGURATION MANAGEMENT

4.3 Use Unique Keys for Each Pair of Hosts - unique keysCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

CONFIGURATION MANAGEMENT

4.3 Use Unique Keys for Each Pair of Hosts - unique secretCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesAirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesAirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesMobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesMobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesAirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devicesMobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM
5.5 Ensure sensitive host system directories are not mounted on containersCIS Docker Community Edition v1.1.0 L1 DockerUnix

CONFIGURATION MANAGEMENT

5.17 Ensure host devices are not directly exposed to containersCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION