CSCv7|14.8

Title

Encrypt Sensitive Information at Rest

Description

Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.

Reference Item Details

Category: Controlled Access Based on the Need to Know

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.34 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.35 Ensure that the encryption provider is set to aescbcUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.28 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.30 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.31 Ensure that encryption providers are appropriately configuredOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.31 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.32 Ensure that the --encryption-provider-config argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.33 Ensure that encryption providers are appropriately configuredUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysGCPCIS Google Cloud Platform v2.0.0 L1
1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption KeyGCPCIS Google Cloud Platform v2.0.0 L2
1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret ManagerGCPCIS Google Cloud Platform v2.0.0 L1
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 9 L1 v1.2.0
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.19 Ensure Manager Application Passwords are EncryptedUnixCIS Apache Tomcat 10 L1 v1.1.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.10.59.3 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.10.59.5 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG