CSCv6|5

Title

Controlled Use of Administrative Privileges

Description

Controlled Use of Administrative Privileges

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure that the --allow-privileged argument is set to falseUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CiscoCIS Cisco IOS 17 L2 v1.0.0
1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CiscoCIS Cisco IOS 16 L2 v1.1.2
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.11 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.11 Ensure 'New Password Differs by Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitionsUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitionsUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitionsUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebindingUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebindingUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - pspUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - pspUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebindingUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebindingUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebindingUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - pspUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebindingUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
18.8.28.1 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.8.28.1 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.28.1 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
18.8.28.1 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.8.28.1 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.8.28.1 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.8.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0