Item Search

NameAudit NamePluginCategory
1.1.6 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.7 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.20 Ensure that the --kubelet-https argument is set to trueCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.29 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.1.31 Ensure that the --etcd-cafile argument is set as appropriateCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - key-fileCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - key-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - CertificatesCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - CertificatesCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - CertificatesCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - CertificatesCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect GatewaysCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect GatewaysCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect GatewaysCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect GatewaysCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect PortalsCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect PortalsCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect PortalsCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect PortalsCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Ensure that the --client-ca-file argument is set as appropriateCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.1.12 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.1.13 Ensure that the --rotate-certificates argument is not set to falseCIS Kubernetes 1.11 Benchmark v1.3.0 L1Unix

CONFIGURATION MANAGEMENT

2.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM
2.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM
2.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM
2.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1MDM

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1MDM

ACCESS CONTROL

3.1.6 Ensure that the --secure-port argument is not set to 0CIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.19 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileCIS Kubernetes 1.8 Benchmark v1.2.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

3.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM
3.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM
3.5.1 Ensure 'VPN' is 'Configured'AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM
3.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

3.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1MDM

ACCESS CONTROL

3.5.1 Ensure 'VPN' is 'Configured'MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1MDM

ACCESS CONTROL

4.1 Ensure TLS or SSL protects all network communicationsCIS MongoDB 3.4 L1 Windows Audit v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure TLS or SSL protects all network communicationsCIS MongoDB 3.2 L1 Windows Audit v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Use TSIG Keys 256 Bits in LengthCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Use TSIG Keys 256 Bits in LengthCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Protect TSIG Key Files During DeploymentCIS BIND DNS v3.0.1 Authoritative Name ServerUnix
6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabledCIS PostgreSQL 10 OS v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl versionCIS PostgreSQL 10 OS v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure data exchanged between containers are encrypted on different nodes on the overlay networkCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.6 Ensure swarm manager is run in auto-lock modeCIS Docker Community Edition v1.1.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure swarm manager auto-lock key is rotated periodicallyCIS Docker Community Edition v1.1.0 L1 DockerUnix
7.8 Ensure node certificates are rotated as appropriateCIS Docker Community Edition v1.1.0 L2 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure CA certificates are rotated as appropriateCIS Docker Community Edition v1.1.0 L2 DockerUnix

IDENTIFICATION AND AUTHENTICATION

7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security 'max-age=480'CIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix
7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security configuration'CIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix