CSCv7|16

Title

Account Monitoring and Control

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.13 Ensure that the admission control plugin ServiceAccount is setUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.14 Ensure that the admission control plugin ServiceAccount is setUnixCIS Kubernetes Benchmark v1.5.1 L1
1.2.14 Ensure that the admission control plugin ServiceAccount is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.21 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.22 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes Benchmark v1.5.1 L1
1.10 Ensure KMS encryption keys are rotated within a period of 90 daysGCPCIS Google Cloud Platform v1.1.0 L1
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 1.3.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 2.0.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 1.5.0
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to usersGCPCIS Google Cloud Platform v1.1.0 L2
1.12 Ensure API Keys Are Not Created for a ProjectGCPCIS Google Cloud Platform v1.3.0 L2
1.12 Ensure API keys are not created for a projectGCPCIS Google Cloud Platform v1.1.0 L2
1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and AppsGCPCIS Google Cloud Platform v1.3.0 L1
1.13 Ensure API keys are restricted to use by only specified Hosts and AppsGCPCIS Google Cloud Platform v1.1.0 L1
1.13 Ensure that 'Members can invite' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 1.5.0
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 2.0.0
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 1.3.0
1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs AccessGCPCIS Google Cloud Platform v1.3.0 L1
1.14 Ensure API keys are restricted to only APIs that application needs accessGCPCIS Google Cloud Platform v1.1.0 L1
1.14 Ensure that 'Guests can invite' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.15 Ensure API Keys Are Rotated Every 90 DaysGCPCIS Google Cloud Platform v1.3.0 L1
1.15 Ensure API keys are rotated every 90 daysGCPCIS Google Cloud Platform v1.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 1.5.0
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 2.0.0
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 1.3.0
1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2