CSCv7|14.8

Title

Encrypt Sensitive Information at Rest

Description

Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.34 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.35 Ensure that the encryption provider is set to aescbc	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.23 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.27 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.28 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.31 Ensure that encryption providers are appropriately configured	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.31 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.32 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.33 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.2 Configure Password Encryption	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days	GCP	CIS Google Cloud Platform v3.0.0 L1
1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager	GCP	CIS Google Cloud Platform v3.0.0 L1
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 11 v1.0.0 L1
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 9 L1 v1.2.0
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 10.1 v1.1.0 L1
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 10 L1 v1.1.0
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.58.3 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
18.10.58.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS

Detections

Analytics

CSCv7|14.8

Title

Description

Reference Item Details

Audit Items