CSCv6|12

Title

Boundary Defense

Description

Boundary Defense

Reference Item Details

Category: Boundary Defense

Family: Network

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Use a Split-Horizon ArchitectureUnixCIS BIND DNS v3.0.1 Authoritative Name Server
1.1 Use a Split-Horizon ArchitectureUnixCIS BIND DNS v3.0.1 Caching Only Name Server
1.1 Use a Split-Horizon ArchitectureUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.1 Use a Split-Horizon ArchitectureUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows DomainWindowsCIS Windows 8 L1 v1.0.0
1.2.1.3 Configure 'Prohibit connection to non-domain networks when connected to domain authenticated network'WindowsCIS Windows 8 L1 v1.0.0
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v3.0.1 Caching Only Name Server
1.6.7 Configure Network policies as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.7 Configure Network policies as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Configure Network policies as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.8 Configure Network policies as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
3.9 Ensure that SharePoint application servers are protected by a reverse proxyWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.9 Ensure that SharePoint application servers are protected by a reverse proxyWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.11 Ensure that the SharePoint Central Administration interface is not hosted in the DMZ.WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.11 Ensure that the SharePoint Central Administration interface is not hosted in the DMZ.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourlyPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every 15 minutesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every 15 minutesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minutePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
5.9 Ensure that the host's network namespace is not sharedUnixCIS Docker v1.3.1 L1 Docker Linux
5.9 Ensure the host's network namespace is not sharedUnixCIS Docker Community Edition v1.1.0 L1 Docker
5.30 Ensure that the host's user namespaces are not sharedUnixCIS Docker v1.3.1 L1 Docker Linux
5.30 Ensure the host's user namespaces is not sharedUnixCIS Docker Community Edition v1.1.0 L1 Docker
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid CategoriesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - PoliciesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLSPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
18.5.21.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.5.21.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - is set to Enabled: 1 = Minimize simultaneous connectionsWindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - EnabledWindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.5.21.2 (L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.5.21.2 (L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 MS L2 v2.2.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 R2 MS L2 v2.5.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only) - EnabledWindowsCIS Microsoft Windows Server 2016 MS L2 v1.3.0
Prohibit connection to non-domain networks when connected to domain authenticated networkWindowsMSCT Windows 10 1903 v1.19.9