CSCv7|14.1

Title

Segment the Network Based on Sensitivity

Description

Segment the network based on the label or classification level of the information stored on the servers; locate all sensitive information on separated Virtual Local Area Networks (VLANs).

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

Name | Plugin | Audit Name
1.6.3 Create network segmentation using Network Policies | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.16 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations v5.0.0 L1
1.17 Ensure IAM instance roles are used for AWS resource access from instances | amazon_aws | CIS Amazon Web Services Foundations v5.0.0 L2
1.21 Ensure access to AWSCloudShellFullAccess is restricted | amazon_aws | CIS Amazon Web Services Foundations v5.0.0 L1
2.2.2.1 Ensure Private Endpoints are used to access {service} | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L2
2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
3.1.1 Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet) | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L1
4.3.1 Ensure that all Namespaces have Network Policies defined | GCP | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2
4.3.2 Ensure that all Namespaces have Network Policies defined | GCP | CIS Google Kubernetes Engine (GKE) v1.7.0 L2
5.2.3 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.10.0 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host network namespace | OpenShift | CIS Red Hat OpenShift Container Platform v1.7.0 L1
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.10.0 L1 Master
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.6.2 Ensure use of VPC-native clusters | GCP | CIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.16 Ensure that the host's process namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.17 Ensure that the host's IPC namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.21 Ensure that the host's UTS namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.31 Ensure that the host's user namespaces are not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
6.2.1 (L1) Host must isolate storage communications | VMware | CIS VMware ESXi 8.0 v1.2.0 L1
6.3 (L1) Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 7.0 v1.4.0 L1
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 1
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.5 v1.0.0 Level 1
7.9 Ensure that management plane traffic is separated from data plane traffic | Unix | CIS Docker v1.7.0 L1 Docker Swarm
9.3.8 Ensure that Private Endpoints are Used for Azure Key Vault | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L2
10.3.2.1 Ensure Private Endpoints are used to access Storage Accounts | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L2
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1