CSCv7|1.8

Title

Utilize Client Certificates to Authenticate Hardware Assets

Description

Use client certificates to authenticate hardware assets connecting to the organization's trusted network.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Inventory and Control of Hardware Assets

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.5 Ensure that the kubelet uses certificates to authenticate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.6 Verify that the kubelet certificate authority is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.32 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
2.3 Ensure authentication is enabled in the sharded cluster	Unix	CIS MongoDB 3.6 L2 Unix Audit v1.1.0
2.3 Ensure authentication is enabled in the sharded cluster	Windows	CIS MongoDB 6 v1.2.0 L2 MongoDB
2.3 Ensure authentication is enabled in the sharded cluster	Windows	CIS MongoDB 7 v1.1.0 L2 MongoDB
2.3 Ensure authentication is enabled in the sharded cluster	Windows	CIS MongoDB 3.6 L2 Windows Audit v1.1.0
2.3 Ensure authentication is enabled in the sharded cluster	Unix	CIS MongoDB 6 v1.2.0 L2 MongoDB
2.3 Ensure authentication is enabled in the sharded cluster	Unix	CIS MongoDB 7 v1.1.0 L2 MongoDB
2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms	Unix	CIS MongoDB 5 L2 OS Linux v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms	Windows	CIS MongoDB 4 L1 OS Windows v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms	Windows	CIS MongoDB 5 L2 OS Windows v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - CAFile	Windows	CIS MongoDB 4 L1 OS Windows v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - CAFile	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - CAFile	Unix	CIS MongoDB 5 L2 OS Linux v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - CAFile	Windows	CIS MongoDB 5 L2 OS Windows v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode	Windows	CIS MongoDB 5 L2 OS Windows v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode	Windows	CIS MongoDB 4 L1 OS Windows v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode	Unix	CIS MongoDB 5 L2 OS Linux v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterFile	Windows	CIS MongoDB 4 L1 OS Windows v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterFile	Unix	CIS MongoDB 5 L2 OS Linux v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterFile	Windows	CIS MongoDB 5 L2 OS Windows v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - clusterFile	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile	Windows	CIS MongoDB 4 L1 OS Windows v1.0.0
2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile	Windows	CIS MongoDB 5 L2 OS Windows v1.2.0
2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile	Unix	CIS MongoDB 5 L2 OS Linux v1.2.0
2.4 (L2) Ensure default self-signed certificate for ESXi communication is not used	Unix	CIS VMware ESXi 7.0 v1.4.0 L2 Bare Metal
2.4 Ensure default self-signed certificate for ESXi communication is not used	Unix	CIS VMware ESXi 6.7 v1.3.0 Level 2 Bare Metal
3.10.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L2
3.10.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L2
4.10 (L1) Host must verify certificates for TLS remote logging endpoints	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
18.9.11.2.2 (BL) Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.11.2.2 (BL) Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.23.1 (L1) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG
18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker

Detections

Analytics

CSCv7|1.8

Title

Description

Reference Item Details

Audit Items