CSCv7|14.7

Title

Enforce Access Control to Data through Automated Tools

Description

Use an automated tool, such as host-based Data Loss Prevention, to enforce access controls to data even when data is copied off a system.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

Name | Plugin | Audit Name
1.2.15 Ensure that the admission control plugin PodSecurityPolicy is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --service-account-lookup argument is set to true | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
2.1 Ensure that authentication is enabled for Cassandra databases | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
2.1 Ensure that authentication is enabled for Cassandra databases | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
2.2 Ensure that authorization is enabled for Cassandra databases | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
2.2 Ensure that authorization is enabled for Cassandra databases | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
3.2.1 Ensure DLP policies are enabled | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v3.0.0
3.2.2 Ensure DLP policies are enabled for Microsoft Teams | microsoft_azure | CIS Microsoft 365 Foundations E5 L1 v3.0.0
3.3 Restrict Query Origins | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
3.3 Restrict Query Origins | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
4.1.6 Ensure that Service Account Tokens are only mounted where necessary | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1
4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
4.8 Make use of default roles | PostgreSQLDB | CIS PostgreSQL 10 DB v1.0.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | Unix | CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | Unix | CIS Apache HTTP Server 2.4 L1 v2.1.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware
8.1.1 Ensure external file sharing in Teams is enabled for only approved cloud storage services | microsoft_azure | CIS Microsoft 365 Foundations E3 L2 v3.0.0
8.1.1 Ensure only one remote console connection is permitted to a VM at any time | VMware | CIS VMware ESXi 7.0 v1.3.0 Level 2
8.1.2 Ensure only one remote console connection is permitted to a VM at any time | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 2
10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file | Unix | CIS BIND DNS v1.0.0 L2 Caching Only Name Server
10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file | Unix | CIS BIND DNS v1.0.0 L2 Authoritative Name Server
10.1 Ensure SELinux Is Enabled in Enforcing Mode - current mode | Unix | CIS BIND DNS v1.0.0 L2 Caching Only Name Server
10.1 Ensure SELinux Is Enabled in Enforcing Mode - current mode | Unix | CIS BIND DNS v1.0.0 L2 Authoritative Name Server
11.1 Ensure SELinux Is Enabled in Enforcing Mode | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
11.1 Ensure SELinux Is Enabled in Enforcing Mode | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
11.1 Ensure SELinux Is Enabled in Enforcing Mode - config | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
11.1 Ensure SELinux Is Enabled in Enforcing Mode - config | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
11.1 Ensure SELinux Is Enabled in Enforcing Mode - current | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
11.1 Ensure SELinux Is Enabled in Enforcing Mode - current | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0