CSCv7|14.4

Title

Encrypt All Sensitive Information in Transit

Description

Encrypt all sensitive information in transit.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.7 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.29 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.31 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - HTTPS	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.2.3 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0 - NoteThis recommendation is obsolete and will be deleted per the consensus process.	Unix	CIS Kubernetes Benchmark v1.8.0 L2 Master
1.2.18 Ensure that the --secure-port argument is not set to 0 - KubeApiServers	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.18 Ensure that the --secure-port argument is not set to 0 - Pods	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.19 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.25 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.26 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.29 Ensure that the --client-ca-file argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --etcd-cafile argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL9 Server L1 v1.0.0
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'	Windows	CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0

Detections

Analytics

CSCv7|14.4

Title

Description

Reference Item Details

Audit Items