CSCv6|14.4

Title

All information stored on systems shall be protected with file system, network share, claims, application, or database specific access control lists.

Description

All information stored on systems shall be protected with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principal that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.15.1 Set 'System objects: Strengthen default permissions of internal system objects (e'g' Symbolic Links)' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 Ensure that the admission control policy is set to AlwaysPullImagesUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.12 Ensure that the admission control policy is set to AlwaysPullImagesUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.2.11 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.12 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.12 Ensure that the admission control plugin AlwaysPullImages is setUnixCIS Kubernetes Benchmark v1.5.1 L1
1.3 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 13 OS v1.0.0
1.3 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 14 OS v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 9.5 OS v1.1.0
1.5 Ensure Data Cluster Initialized SuccessfullyPostgreSQLDBCIS PostgreSQL 9.6 DB v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 10 OS v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 11 OS v1.0.0
1.5 Ensure Data Cluster Initialized SuccessfullyUnixCIS PostgreSQL 12 OS v1.0.0
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.5.5 Ensure that the --peer-client-cert-auth argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixHuawei EulerOS 2 Server L2 v1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixHuawei EulerOS 2 Workstation L2 v1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configurationUnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.cfg selinux=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.cfg selinux=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf enforcing=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf enforcing=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf selinux=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf selinux=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst enforcing=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst enforcing=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst selinux=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst selinux=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg enforcing=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg enforcing=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg selinux=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg selinux=0UnixCIS Distribution Independent Linux Server L2 v1.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.conf enforcing=0UnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.26 Review app permissions periodicallyMDMAirWatch - CIS Google Android v1.3.0 L1
1.26 Review app permissions periodicallyMDMMobileIron - CIS Google Android v1.3.0 L1
1.26 Review app permissions periodicallyMDMAirWatch - CIS Google Android v1.2.0 L1
1.26 Review app permissions periodicallyMDMMobileIron - CIS Google Android v1.2.0 L1