CSCv6|14.4

Title

All information stored on systems shall be protected with file system, network share, claims, application, or database specific access control lists.

Description

All information stored on systems shall be protected with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principal that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.15.1 Set 'System objects: Strengthen default permissions of internal system objects (e'g' Symbolic Links)' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 Ensure that the admission control policy is set to AlwaysPullImagesUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.12 Ensure that the admission control policy is set to AlwaysPullImagesUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.5 Ensure Data Cluster Initialized SuccessfullyPostgreSQLDBCIS PostgreSQL 9.6 DB v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 9.5 OS v1.1.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 11 OS v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 10 OS v1.0.0
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0UnixCIS Debian 8 Server L2 v2.0.2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0UnixCIS Debian 8 Workstation L2 v2.0.2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0UnixCIS Amazon Linux v2.1.0 L2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0UnixCIS Debian 8 Server L2 v2.0.2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0UnixCIS Debian 8 Workstation L2 v2.0.2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0UnixCIS Amazon Linux v2.1.0 L2
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration -'selinux'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration -'selinux'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux or AppArmor are installedUnixCIS Distribution Independent Linux Server L2 v2.0.0
1.6.1.1 Ensure SELinux or AppArmor are installedUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - loadedUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - unconfinedUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmorUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmorUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - securityUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - securityUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS CentOS 6 Workstation L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS Red Hat 6 Workstation L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS Red Hat 6 Server L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS Oracle Linux 6 Server L1 v2.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0UnixCIS CentOS 6 Server L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS CentOS 6 Workstation L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS Red Hat 6 Workstation L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS Oracle Linux 6 Server L1 v2.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS Red Hat 6 Server L1 v3.0.0
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0UnixCIS CentOS 6 Server L1 v3.0.0
1.6.1.2 Ensure the SELinux state is enforcingUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.26 Review app permissions periodicallyMDMAirWatch - CIS Google Android v1.3.0 L1
1.26 Review app permissions periodicallyMDMMobileIron - CIS Google Android v1.3.0 L1