CSCv7|14

Title

Controlled Access Based on the Need to Know

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.12.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.11.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.13.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.6 v1.0.0 L1 Linux |
| 1.1 Ensure 'Web content' is on non-system partition | Windows | CIS IIS 10 v1.2.1 Level 1 |
| 1.1 Ensure 'Web content' is on non-system partition | Windows | CIS IIS 10 v1.2.0 Level 1 |
| 1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.1 Ensure web content is on non-system partition | Windows | CIS IIS 10 v1.1.0 Level 1 |
| 1.1 Ensure web content is on non-system partition | Windows | CIS IIS 10 v1.1.1 Level 1 |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.5.0 L1 Linux Host OS |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.6.0 L1 Docker Linux |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.2.1 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.0.0 |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.1.0 |
| 1.2.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes Benchmark v1.5.1 L1 |
| 1.2.1 Ensure that the --anonymous-auth argument is set to false | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.2.10 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master |
| 1.2.11 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes Benchmark v1.5.1 L1 |
| 1.2.11 Ensure that the admission control plugin AlwaysAdmit is not set | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.2.20 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master |
| 1.2.21 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes Benchmark v1.5.1 L1 |
| 1.2.21 Ensure that the --profiling argument is set to false | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.3 Ensure device is physically secured | Juniper | CIS Juniper OS Benchmark v2.0.0 L1 |
| 1.3 Ensure device is physically secured | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 1.3.10 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.13 Ensure that 'Members can invite' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2 |
| 1.14 Ensure that 'Guests can invite' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2 |
| 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 2.0.0 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 1.3.0 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0 |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0 |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | amazon_aws | CIS Amazon Web Services Foundations L1 2.0.0 |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0 |
| 1.21 Ensure that IAM Access analyzer is enabled | amazon_aws | CIS Amazon Web Services Foundations L1 1.3.0 |
| 1.22 Ensure access to AWSCloudShellFullAccess is restricted | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MDM | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 |