CSCv7|16

Title

Account Monitoring and Control

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

Name	Plugin	Audit Name
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3 Ensure security questions are registered in the AWS account	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.3.1 Ensure 'Minimum Password Complexity' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.8 Ensure IAM password policy requires minimum length of 14 or greater	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.12 Ensure API Keys Are Not Created for a Project	GCP	CIS Google Cloud Platform v1.3.0 L2
1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps	GCP	CIS Google Cloud Platform v1.3.0 L1
1.14 Ensure access keys are rotated every 90 days or less	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access	GCP	CIS Google Cloud Platform v1.3.0 L1
1.15 Ensure API Keys Are Rotated Every 90 Days	GCP	CIS Google Cloud Platform v1.3.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
2.1 Ensure that IP addresses are mapped to usernames - User ID Agents	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID Agents	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2

Detections

Analytics

CSCv7|16

Title

Reference Item Details

Audit Items