CSCv7|16

Title

Account Monitoring and Control

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

Name	Plugin	Audit Name
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.22 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3 Ensure security questions are registered in the AWS account	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 2.0.0

Detections

Analytics

CSCv7|16

Title

Reference Item Details

Audit Items