CSCv7|14

Title

Controlled Access Based on the Need to Know

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.11.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.12.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.13.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.6 v1.0.0 L1 Linux |
| 1.1 Ensure 'Web content' is on non-system partition | Windows | CIS IIS 10 v1.2.1 Level 1 |
| 1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux |
| 1.3 Ensure device is physically secured | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 4.2.6 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.11.1 L1 Worker Node |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MDM | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 5.1.2 Minimize access to secrets | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles | Unix | CIS Kubernetes v1.11.1 L1 Worker Node |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 5.1.4 Minimize access to create pods | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 5.1.9 Minimize access to create persistent volumes | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.10 Minimize access to the proxy sub-resource of nodes | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.11 Minimize access to the approval sub-resource of certificatesigningrequests objects | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.12 Minimize access to webhook configuration objects | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 5.1.13 Minimize access to the service account token creation | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 6.1.10 Ensure no world writable files exist | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 6.1.10 Ensure no world writable files exist | Unix | CIS Debian 9 Server L1 v1.0.1 |