800-53|SA-15

Title

DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

Description

The organization:

Supplemental

Development tools include, for example, programming languages and computer-aided design (CAD) systems. Reviews of development processes can include, for example, the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes enables accurate supply chain risk assessment and mitigation, and requires robust configuration control throughout the life cycle (including design, development, transport, delivery, integration, and maintenance) to track authorized changes and prevent unauthorized changes.

Reference Item Details

Related: SA-3, SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P2

Baseline Impact: HIGH

Audit Items

Name | Plugin | Audit Name
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.5 Ensure that the kubelet uses certificates to authenticate - ConfigMaps | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.5 Ensure that the kubelet uses certificates to authenticate - Secrets | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.6 Verify that the kubelet certificate authority is set as appropriate | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --insecure-bind-address argument is not set - feature-gates | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.16 Ensure that the --insecure-bind-address argument is not set - openshift-apiserver | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.16 Ensure that the --insecure-bind-address argument is not set - openshift-kube-apiserver | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0 | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.1.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.1.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.1.5 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.1.6 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.1.20 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
2.10 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 5.6 Community Database L2 v2.0.0
2.10 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 5.6 Enterprise Database L2 v2.0.0
2.10 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MariaDB 10.6 Database L2 v1.1.0
2.10 Limit Accepted Transport Layer Security (TLS) Versions | Unix | CIS MariaDB 10.6 on Linux L2 v1.1.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | MySQLDB | CIS MySQL 8.0 Community Database L2 v1.0.0
2.12 Ensure Only Approved Ciphers are Used | Unix | CIS MariaDB 10.6 on Linux L2 v1.1.0
2.12 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MariaDB 10.6 Database L2 v1.1.0
2.12 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0
2.12 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | MySQLDB | CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - tls_ciphersuites | MySQLDB | CIS MySQL 5.7 Community Database L2 v2.0.0
2.15 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.15 Limit Accepted Transport Layer Security (TLS) Versions | MySQLDB | CIS MySQL 8.0 Community Database L2 v1.0.0
2.17 Ensure Only Approved Ciphers are Used | MySQLDB | CIS MySQL 8.0 Enterprise Database L2 v1.3.0