CSCv6|5.1

Title

Minimize administrative privileges and only use administrative accounts when they are required.

Description

Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

Name | Plugin | Audit Name
1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.2 Ensure only trusted users are allowed to control Docker daemon | Unix | CIS Docker v1.3.1 L1 Linux Host OS
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.2.1 Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.3.1.3 Set 'Accounts: Administrator account status' to 'Disabled'. | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.1.4 Configure 'Accounts: Rename administrator account' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.1 Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.3 Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.4 Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.17.10 Set 'User Account Control: Run all administrators in Admin Approval Mode' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the admission control policy is set to SecurityContextDeny | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.13 Ensure that the admin.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.13 Ensure that the admin.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.14 Ensure that the admission control policy is set to SecurityContextDeny | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master