CSCv7|14.4

Title

Encrypt All Sensitive Information in Transit

Description

Encrypt all sensitive information in transit.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPSWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.2.3 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.2.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.5 Ensure valid certificate is set for browser-based administrator interfacePalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.19 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.20 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.31 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.32 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.10 Ensure system-wide crypto policy is not legacyUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Rocky Linux 8 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Red Hat EL8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Red Hat EL8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Oracle Linux 8 Workstation L1 v2.0.0
1.11 Ensure system-wide crypto policy is FUTURE or FIPSUnixCIS Fedora 28 Family Linux Workstation L2 v1.0.0
1.11 Ensure system-wide crypto policy is FUTURE or FIPSUnixCIS Fedora 28 Family Linux Server L2 v1.0.0