CSCv7|14.1

Title

Segment the Network Based on Sensitivity

Description

Segment the network based on the label or classification level of the information stored on the servers; locate all sensitive information on separate Virtual Local Area Networks (VLANs).

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items


Name | Plugin | Audit Name
1.6.3 Create network segmentation using Network Policies | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations v4.0.1 L1
1.18 Ensure IAM instance roles are used for AWS resource access from instances | amazon_aws | CIS Amazon Web Services Foundations v4.0.1 L2
1.22 Ensure access to AWSCloudShellFullAccess is restricted | amazon_aws | CIS Amazon Web Services Foundations v4.0.1 L1
2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
3.3.7 Ensure that Private Endpoints are Used for Azure Key Vault | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2
4.3.1 Ensure that all Namespaces have Network Policies defined | GCP | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2
4.3.2 Ensure that all Namespaces have Network Policies defined | GCP | CIS Google Kubernetes Engine (GKE) v1.7.0 L2
4.9 Ensure Private Endpoints are used to access Storage Accounts | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2
5.2.3 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.10.0 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
5.2.4 Minimize the admission of containers wishing to share the host network namespace | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.10.0 L1 Master
5.2.5 Minimize the admission of containers wishing to share the host network namespace | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
5.4.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2
5.4.2 Ensure That Private Endpoints Are Used Where Possible | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2
5.6.2 Ensure use of VPC-native clusters | GCP | CIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.16 Ensure that the host's process namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.17 Ensure that the host's IPC namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.21 Ensure that the host's UTS namespace is not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
5.31 Ensure that the host's user namespaces are not shared | Unix | CIS Docker v1.7.0 L1 Docker - Linux
6.2.1 (L1) Host must isolate storage communications | VMware | CIS VMware ESXi 8.0 v1.1.0 L1
6.3 (L1) Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 7.0 v1.4.0 L1
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 1
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.5 v1.0.0 Level 1
7.9 Ensure that management plane traffic is separated from data plane traffic | Unix | CIS Docker v1.7.0 L1 Docker Swarm
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1