CSCv6|3.4

Title

Perform all remote administration of servers, workstations, network devices, and similar equipment over secure channels.

Description

Perform all remote administration of servers, workstations, network devices, and similar equipment over secure channels. Protocols such as telnet, VNC, RDP, or others that do not actively support strong encryption should only be used if they are performed over a secondary encryption channel, such as SSL, TLS or IPSEC.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.22 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-key | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-key | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.23 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-key | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.39 Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.2.3 Ensure HTTP and Telnet options are disabled for the Management Interface | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 1.2.3 Ensure HTTP and Telnet options are disabled for the Management Interface | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.2.3 Ensure HTTP and Telnet options are disabled for the management interface | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 |
| 1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 |
| 1.5.1 Ensure 'V3' is selected for SNMP polling | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 1.5.1 Ensure 'V3' is selected for SNMP polling | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.5.1 Ensure 'V3' is selected for SNMP polling | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 2.1.1 Ensure 'SECURE_CONTROL_' Is Set In 'listener.ora' | Windows | CIS Oracle Server 12c Windows v3.0.0 |
| 2.1.1 Ensure 'SECURE_CONTROL_' Is Set In 'listener.ora' | Unix | CIS Oracle Server 12c Linux v3.0.0 |
| 2.1.6 Ensure rsh server is not enabled - 'exec' | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 2.1.6 Ensure rsh server is not enabled - 'exec' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 2.1.6 Ensure rsh server is not enabled - 'login' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 2.1.14 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 2.1.15 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 18.9.59.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |
| 18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 |
| 18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0 |
| 18.9.59.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |
| 18.9.59.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 |
| 18.9.59.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0 |
| 18.9.65.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0 |
| 18.9.65.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0 |
| 18.9.97.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker |
| 18.9.97.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L2 |
| 18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L2 |
| 18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker |