CSCv6|18

Title

Application Software Security

Description

Application Software Security

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Application Software Security

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.6 OS v1.0.0
1.4 Ensure Service Runlevel Is Registered And Set Correctly	Unix	CIS PostgreSQL 9.5 OS v1.1.0
1.4 Ensure systemd Service Files Are Enabled	Unix	CIS PostgreSQL 11 OS v1.0.0
1.4 Ensure systemd Service Files Are Enabled	Unix	CIS PostgreSQL 10 OS v1.0.0
1.6.6 Configure Image Provenance using ImagePolicyWebhook admission controller	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.6 Configure Image Provenance using ImagePolicyWebhook admission controller	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.27 Ensure 'Instant apps' is set to 'Disabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.27 Ensure 'Instant apps' is set to 'Disabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
2.2.6 Ensure 'REMOTE_LISTENER' Is Empty	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.6 Ensure 'REMOTE_LISTENER' Is Empty	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.10 Ensure 'UTL_FILE_DIR' Is Empty	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.10 Ensure 'UTL_FILE_DIR' Is Empty	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
2.2.16 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.16 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
2.5 Ensure aufs storage driver is not used	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
2.5 Ensure the Autoindex Module Is Disabled	Unix	CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
2.5 Ensure the Autoindex Module Is Disabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0
2.5 Ensure the Autoindex Module Is Disabled	Unix	CIS Apache HTTP Server 2.2 L1 v3.6.0
2.7 Ensure the User Directories Module Is Disabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0
2.10 Ensure base device size is not changed until needed	Unix	CIS Docker Community Edition v1.1.0 L2 Docker
2.13 Ensure operations on legacy registry (v1) are Disabled	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
2.14 Ensure live restore is Enabled	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.16 Ensure daemon-wide custom seccomp profile is applied, if needed	Unix	CIS Docker Community Edition v1.1.0 L2 Docker
2.17 Ensure experimental features are avoided in production	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
11.4 Ensure Only the Necessary SELinux Booleans Are Enabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
11.4 Ensure Only the Necessary SELinux Booleans Are Enabled	Unix	CIS Apache HTTP Server 2.2 L2 v3.6.0

Detections

Analytics

CSCv6|18

Title

Description

Reference Item Details

Audit Items