CSCv7|18.11

Title

Use Standard Hardening Configuration Templates for Databases

Description

For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested.

Reference Item Details

Category: Application Software Security

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure the Pre-Installation Planning Checklist Has Been ImplementedUnixCIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
1.1 Ensure the Pre-Installation Planning Checklist Has Been ImplementedUnixCIS Apache HTTP Server 2.4 L1 v2.1.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2008 R2 DB Engine L1 v1.7.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2012 Database L1 DB v1.6.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2019 Database L1 DB v1.3.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 AWS RDS v1.4.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.0.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2012 Database L1 AWS RDS v1.6.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2019 Database L1 AWS RDS v1.3.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2014 Database L1 AWS RDS v1.5.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2014 Database L1 DB v1.5.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2016 Database L1 DB v1.4.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'MS_SQLDBCIS SQL Server 2022 Database L1 DB v1.0.0
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2022 Database L1 AWS RDS v1.0.0
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2019 Database L1 AWS RDS v1.3.0
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2022 Database L1 DB v1.0.0
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2019 Database L1 DB v1.3.0
2.18 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2017 Database L1 AWS RDS v1.3.0
2.18 Ensure 'clr strict security' Server Configuration Option is set to '1'MS_SQLDBCIS SQL Server 2017 Database L1 DB v1.3.0
4.1 Ensure legacy TLS protocols are disabledUnixCIS MongoDB 5 L2 OS Linux v1.2.0
4.1 Ensure legacy TLS protocols are disabledWindowsCIS MongoDB 5 L2 OS Windows v1.2.0
4.1 Ensure legacy TLS protocols are disabledWindowsCIS MongoDB 4 L2 OS Windows v1.0.0
4.1 Ensure legacy TLS protocols are disabledUnixCIS MongoDB 4 L2 OS Linux v1.0.0
4.1 Ensure legacy TLS protocols are disabledWindowsCIS MongoDB 6 L2 OS Windows v1.1.0
4.1 Ensure legacy TLS protocols are disabledUnixCIS MongoDB 6 L2 OS Linux v1.1.0
4.1 Ensure legacy TLS protocols are disabledUnixCIS MongoDB 7 L2 OS Linux v1.0.0
4.1 Ensure legacy TLS protocols are disabledWindowsCIS MongoDB 7 L2 OS Windows v1.0.0
5.5.5 Ensure Shielded GKE Nodes are EnabledGCPCIS Google Kubernetes Engine (GKE) v1.5.0 L1
6.1 Ensure 'Attack Vectors' Runtime Parameters are ConfiguredPostgreSQLDBCIS PostgreSQL 11 DB v1.0.0
6.1 Ensure 'Attack Vectors' Runtime Parameters are ConfiguredPostgreSQLDBCIS PostgreSQL 10 DB v1.0.0
6.1 Ensure 'Attack Vectors' Runtime Parameters are ConfiguredPostgreSQLDBCIS PostgreSQL 9.6 DB v1.0.0
6.1 Understanding attack vectors and runtime parametersPostgreSQLDBCIS PostgreSQL 16 DB v1.0.0
6.1 Understanding attack vectors and runtime parametersPostgreSQLDBCIS PostgreSQL 15 DB v1.1.0
6.1 Understanding attack vectors and runtime parametersPostgreSQLDBCIS PostgreSQL 13 DB v1.1.0
6.1 Understanding attack vectors and runtime parametersPostgreSQLDBCIS PostgreSQL 14 DB v1.1.0
6.1 Understanding attack vectors and runtime parametersPostgreSQLDBCIS PostgreSQL 12 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 11 DB v1.0.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 10 DB v1.0.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 9.5 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 12 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 9.6 DB v1.0.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 15 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctlyPostgreSQLDBCIS PostgreSQL 16 DB v1.0.0
6.2 Ensure 'backend' runtime parameters are configured correctly - ignore_system_indexesPostgreSQLDBCIS PostgreSQL 13 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctly - ignore_system_indexesPostgreSQLDBCIS PostgreSQL 14 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctly - jit_debugging_supportPostgreSQLDBCIS PostgreSQL 14 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctly - jit_debugging_supportPostgreSQLDBCIS PostgreSQL 13 DB v1.1.0
6.2 Ensure 'backend' runtime parameters are configured correctly - jit_profiling_supportPostgreSQLDBCIS PostgreSQL 14 DB v1.1.0