Detections
Analytics

CSCv6|14.2

Title

All communication of sensitive information over less-trusted networks should be encrypted.

Description

All communication of sensitive information over less-trusted networks should be encrypted. Whenever information flows over a network with a lower trust level, the information should be encrypted.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 Benchmark L2 v1.0.0
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.5 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.8 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-fileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-fileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2016 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2016 OS v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.19 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.20 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes Benchmark v1.5.1 L1
1.2.20 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master