CSCv6|3.4

Title

Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels.

Description

Perform all remote administration of servers, workstation, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as SSL, TLS or IPSEC.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-keyUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.39 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management InterfacePalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level'WindowsCIS Windows 8 L1 v1.0.0
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - keyUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.6 Ensure that the --kubelet-certificate-authority argument is set as appropriateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.35 Ensure that the API Server only makes use of Strong Cryptographic CiphersUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.5.1 Ensure 'V3' is selected for SNMP pollingPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.5.1 Ensure 'V3' is selected for SNMP pollingPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.5.1 Ensure 'V3' is selected for SNMP pollingPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
18.9.59.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.59.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0