800-53|SA-15

Title

DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

Description

The organization:

Supplemental

Development tools include, for example, programming languages and computer-aided design (CAD) systems. Reviews of development processes can include, for example, the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes enables accurate supply chain risk assessment and mitigation, and requires robust configuration control throughout the life cycle (including design, development, transport, delivery, integration, and maintenance) to track authorized changes and prevent unauthorized changes.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SA-3,SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P2

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.5 Ensure that the kubelet uses certificates to authenticate - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.5 Ensure that the kubelet uses certificates to authenticate - Secrets	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.6 Verify that the kubelet certificate authority is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Unix	CIS Kubernetes Benchmark v1.8.0 L2 Master
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --insecure-bind-address argument is not set - feature-gates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.16 Ensure that the --insecure-bind-address argument is not set - openshift-apiserver	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.16 Ensure that the --insecure-bind-address argument is not set - openshift-kube-apiserver	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
2.10 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MySQL 5.6 Community Database L2 v2.0.0
2.10 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MySQL 5.6 Enterprise Database L2 v2.0.0
2.10 Limit Accepted Transport Layer Security (TLS) Versions	MySQLDB	CIS MariaDB 10.6 Database L2 v1.0.0
2.10 Limit Accepted Transport Layer Security (TLS) Versions	Unix	CIS MariaDB 10.6 on Linux L2 v1.0.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 8.0 Community Database L2 v1.0.0
2.12 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MariaDB 10.6 Database L2 v1.0.0
2.12 Ensure Only Approved Ciphers are Used	Unix	CIS MariaDB 10.6 on Linux L2 v1.0.0
2.12 Limit Accepted Transport Layer Security (TLS) Versions	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.12 Limit Accepted Transport Layer Security (TLS) Versions	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - tls_ciphersuites	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0

Detections

Analytics