CSCv6|14

Title

Controlled Access Based on the Need to Know

Description

Controlled Access Based on the Need to Know

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.2 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.3.8.4 Set 'Microsoft network server: Server SPN target name validation level' to 'Accept if provided by client' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.10.1 Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.10.5 Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.10.6 Set 'Network access: Sharing and security model for local accounts' to 'Classic - local users authenticate as themselves' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following list | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following list | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.11.3 Configure Network access: Shares that can be accessed anonymously | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.11.3 Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.11.4 Set 'Network security: Allow LocalSystem NULL session fallback' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.7 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.8 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.8 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.8 Ensure that the --repair-malformed-updates argument is set to false | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.9 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.9 Ensure that the --repair-malformed-updates argument is set to false | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.9 Ensure that the --repair-malformed-updates argument is set to false | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.9 Ensure that the admission control policy is not set to AlwaysAdmit | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.10 Ensure that the --repair-malformed-updates argument is set to false | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.10 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.10 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.11 Ensure that the admission control policy is not set to AlwaysAdmit | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.11 Ensure that the admission control policy is set to DenyEscalatingExec | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.1.12 Ensure that the admission control plugin DenyEscalatingExec is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.1.13 Ensure that the admission control policy is set to DenyEscalatingExec | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.13 Ensure that the admission control policy is set to NamespaceLifecycle | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.14 Ensure that the admission control plugin NamespaceLifecycle is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.14 Ensure that the admission control plugin NamespaceLifecycle is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.15 Ensure that the admission control policy is set to NamespaceLifecycle | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.24 Ensure that the admission control plugin PodSecurityPolicy is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.24 Ensure that the admission control plugin PodSecurityPolicy is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.24 Ensure that the admission control policy is set to PodSecurityPolicy | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.25 Ensure that the admission control policy is set to PodSecurityPolicy | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.32 Ensure that the admission control policy is set to NodeRestriction | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.33 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.33 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.33 Ensure that the admission control policy is set to NodeRestriction | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.2.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.2.1 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.2.1 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.2.1 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.1 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.2.11 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |