CSCv7|14.8

Title

Encrypt Sensitive Information at Rest

Description

Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.35 Ensure that the encryption provider is set to aescbc | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.27 Ensure that the --encryption-provider-config argument is set as appropriate | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 1.2.28 Ensure that encryption providers are appropriately configured | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 1.2.30 Ensure that encryption providers are appropriately configured | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.30 Ensure that encryption providers are appropriately configured | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.31 Ensure that encryption providers are appropriately configured | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.2.33 Ensure that encryption providers are appropriately configured | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.4.2 Configure Password Encryption | Cisco | CIS Cisco NX-OS L2 v1.1.0 |
| 2.2 Ensure that the --client-cert-auth argument is set to true | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 2.2 Ensure that the --client-cert-auth argument is set to true | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 2.2 Ensure that the --client-cert-auth argument is set to true | Unix | CIS Kubernetes v1.10.0 L1 Master |
| 2.2 Ensure that the --client-cert-auth argument is set to true | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 2.2 Ensure that the --client-cert-auth argument is set to true | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 2.5.1.2 Ensure all user storage APFS volumes are encrypted | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 |
| 2.5.1.2 Ensure all user storage APFS volumes are encrypted | Unix | CIS Apple macOS 10.14 v2.0.0 L1 |
| 2.5.1.2 Ensure all user storage APFS volumes are encrypted | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L1 |
| 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted | Unix | CIS Apple macOS 10.14 v2.0.0 L1 |
| 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L1 |
| 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L2 |
| 2.8 (L1) Host must require TPM-based configuration encryption | VMware | CIS VMware ESXi 8.0 v1.1.0 L1 |
| 3.26 (L1) Host must enable the highest version of TLS supported | VMware | CIS VMware ESXi 8.0 v1.1.0 L1 |
| 4.1 Ensure yearly rekeying is enabled for a Snowflake account | Snowflake | CIS Snowflake Foundations v1.0.0 L2 |
| 4.2 Ensure AES encryption key size used to encrypt files stored in internal stages is set to 256 bits | Snowflake | CIS Snowflake Foundations v1.0.0 L1 |
| 4.2.4 Ensure that the --client-ca-file argument is set as appropriate | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 5.1.3 Ensure Signed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 |
| 5.1.4 Ensure Sealed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v3.1.0 L1 |
| 5.1.4 Ensure Sealed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 13.0 Ventura v3.0.0 L1 |
| 5.1.4 Ensure Sealed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1 |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1 |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 |
| 6.2 Ensured 'HashPassword' is set in UsernameToken WS-Security policy | Unix | CIS IBM WebSphere Liberty v1.0.0 L1 |
| 6.6 Ensure Binary and Relay Logs are Encrypted | Unix | CIS MariaDB 10.6 on Linux L2 v1.1.0 |
| 6.6 Ensure Binary and Relay Logs are Encrypted | MySQLDB | CIS MariaDB 10.6 Database L2 v1.1.0 |
| 7.4 Ensure Network Encryption is Configured and Enabled | MS_SQLDB | CIS SQL Server 2022 Database L2 DB v1.1.0 |
| 7.5 Ensure Databases are Encrypted with TDE | MS_SQLDB | CIS SQL Server 2016 Database L2 DB v1.4.0 |
| 7.5 Ensure Databases are Encrypted with TDE | MS_SQLDB | CIS SQL Server 2022 Database L2 DB v1.1.0 |
| 7.5 Ensure Databases are Encrypted with TDE | MS_SQLDB | CIS SQL Server 2017 Database L2 DB v1.3.0 |
| 60.2 (L1) Ensure 'Allow Indexing Encrypted Stores Or Items' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 60.2 (L1) Ensure 'Allow Indexing Encrypted Stores Or Items' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |