CSCv6|14.2

Title

All communication of sensitive information over less-trusted networks should be encrypted.

Description

All communication of sensitive information over less-trusted networks should be encrypted. Whenever information flows over a network with a lower trust level, the information should be encrypted.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.5 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.8 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.20 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.31 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.32 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1