CSCv7|14.8

Title

Encrypt Sensitive Information at Rest

Description

Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.34 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.35 Ensure that the encryption provider is set to aescbc	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.28 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.31 Ensure that encryption providers are appropriately configured	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.31 Ensure that the --etcd-cafile argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.32 Ensure that the --encryption-provider-config argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.33 Ensure that encryption providers are appropriately configured	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days	GCP	CIS Google Cloud Platform v2.0.0 L1
1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key	GCP	CIS Google Cloud Platform v2.0.0 L2
1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager	GCP	CIS Google Cloud Platform v2.0.0 L1
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 10 L1 v1.1.0
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 9 L1 v1.2.0
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.19 Ensure Manager Application Passwords are Encrypted	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
18.10.59.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.10.59.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.59.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.10.59.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - Disabled	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL

Detections

Analytics

CSCv7|14.8

Title

Description

Reference Item Details

Audit Items