CSCv6|14.6

Title

Enforce detailed audit logging for access to nonpublic data and special authentication for sensitive data.

Description

Enforce detailed audit logging for access to nonpublic data and special authentication for sensitive data.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Family: Application

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.3.1 L2 Linux Host OS |
| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.9 Ensure auditing is configured for Docker files and directories - docker.socket | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.36 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file contents | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file parameter | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.37 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - @[email protected] | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file contents | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file parameter | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.38 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.38 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.26 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.6 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.7 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.8 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.9 Ensure auditing is configured for Docker files and directories - docker.socket | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.12 Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.13 Ensure auditing is configured for Docker files and directories - /usr/bin/docker-runc | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 2.2.2 Ensure that the audit policy covers key security concerns | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' | Windows | CIS Windows Server 2012 MS L1 v2.2.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' | Windows | CIS Windows Server 2012 DC L1 v2.2.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' is configured | Windows | CIS Windows Server 2012 R2 MS L1 v2.5.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' is configured | Windows | CIS Windows Server 2012 R2 DC L1 v2.5.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths | Windows | CIS Microsoft Windows Server 2016 DC L1 v1.3.0 |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 |
| 3.2.2 Ensure that the audit policy covers key security concerns | Unix | CIS Kubernetes Benchmark v1.6.1 L2 Master |
| 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L2 v1.1.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 20.04 LTS Server L2 v1.1.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit) | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit) | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit) | Unix | CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0 |