CSCv6|9

Title

Limitation and Control of Network Ports

Description

Limitation and Control of Network Ports

Reference Item Details

Category: Limitation and Control of Network Ports

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.9.5 Set 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' to 'Highest protection'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.7 Configure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.8 Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.10 Configure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.11 Configure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 default)'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.12 Configure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.15 Set 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' to 'Highest'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.16 Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.7 Set 'Access this computer from the network' to 'Users, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.1.1 Configure 'Set IP Stateless Autoconfiguration Limits State'WindowsCIS Windows 8 L1 v1.0.0
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v3.0.1 Caching Only Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v3.0.1 Authoritative Name Server
1.5.7 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.5.7 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.5.9 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.5.9 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.3.5 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.3.5 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0