Detections
Analytics

CSCv7|14.8

Title

Encrypt Sensitive Information at Rest

Description

Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.1 Ensure all information at rest is encryptedUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.1.34 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.35 Ensure that the encryption provider is set to aescbcUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.23 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateUnixCIS Kubernetes v1.12.0 L1 Master Node
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateOpenShiftCIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.12.0 L1 Master Node
1.2.27 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.12.0 L1 Master Node
1.2.28 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.12.0 L1 Master Node
1.2.28 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that encryption providers are appropriately configuredOpenShiftCIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.32 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.33 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.2 Configure Password EncryptionCiscoCIS Cisco NX-OS v1.2.0 L2
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysGCPCIS Google Cloud Platform Foundation v4.0.0 L1
1.16 UBTU-22-231010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret ManagerGCPCIS Google Cloud Platform Foundation v4.0.0 L1
1.104 UBTU-24-600090UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 11 v1.0.0 L1
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 9 L1 v1.2.0
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 10.1 v1.1.0 L1
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 10 L1 v1.1.0
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
18.10.58.5 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v4.0.0 L1 DC
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v4.0.0 L1 DC
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v4.0.0 L1 MS
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v4.0.0 L1 DC
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v4.0.0 L1 MS
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS
18.10.59.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v4.0.0 L1 MS