CSCv7|12.9

Title

Deploy Application Layer Filtering Proxy Server

Description

Ensure that all network traffic to or from the Internet passes through an authenticated application layer proxy that is configured to filter unauthorized connections.

Reference Item Details

Category: Boundary Defense

Audit Items

Name | Plugin | Audit Name
1.2.15 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.15 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.15 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes Benchmark v1.8.0 L2 Master
1.2.16 Ensure that the admission control plugin NodeRestriction is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.10 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
2.16 Ensure 'Proxy settings' is set to 'Enabled' and does not contain 'ProxyMode': 'auto_detect' | Windows | CIS Google Chrome L1 v2.1.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
5.2.2 Minimize the admission of containers wishing to share the host process ID namespace | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.2.3 Minimize the admission of containers wishing to share the host IPC namespace | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.3 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L2
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L2
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L2
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1
8.3 Ensure that the Certificate used for Decryption is Trusted | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0