CSCv7|14.4

Title

Encrypt All Sensitive Information in Transit

Description

Encrypt all sensitive information in transit.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.7 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.37 (L1) Ensure 'Maximum SSL version enabled' is set to 'Enabled: TLS 1.3'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.38 (L1) Ensure 'Minimum SSL version enabled' is set to 'Enabled: TLS 1.2'	Windows	CIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Use https for kubelet connections	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --secure-port argument is not set to 0	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.19 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.24 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.25 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --client-ca-file argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --etcd-cafile argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'	Windows	CIS Microsoft Edge v3.0.0 L1
1.10.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'	Windows	CIS Microsoft Edge v3.0.0 L2
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'	Windows	CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0

Detections

Analytics

CSCv7|14.4

Title

Description

Reference Item Details

Audit Items