CSCv7|16

Title

Account Monitoring and Control

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcdUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.14 Ensure that the admission control plugin ServiceAccount is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.23 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --service-account-lookup argument is set to trueUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.3 Ensure security questions are registered in the AWS accountamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.10 Ensure KMS encryption keys are rotated within a period of 90 daysGCPCIS Google Cloud Platform v1.1.0 L1
1.11 Do not setup access keys during initial user setup for all IAM users that have a console passwordamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to usersGCPCIS Google Cloud Platform v1.1.0 L2
1.12 Ensure API keys are not created for a projectGCPCIS Google Cloud Platform v1.1.0 L2
1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.13 Ensure API keys are restricted to use by only specified Hosts and AppsGCPCIS Google Cloud Platform v1.1.0 L1
1.13 Ensure that 'Members can invite' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.14 Ensure access keys are rotated every 90 days or lessamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.14 Ensure API keys are restricted to only APIs that application needs accessGCPCIS Google Cloud Platform v1.1.0 L1
1.14 Ensure that 'Guests can invite' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.15 Ensure API keys are rotated every 90 daysGCPCIS Google Cloud Platform v1.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.21 Ensure that no custom subscription owner roles are created - Action Typesmicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.21 Ensure that no custom subscription owner roles are created - Assignable Scopemicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2