CSCv7|4

Title

Controlled Use of Administrative Privileges

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure a separate user and group exist for Cassandra - groupUnixCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - groupUnixCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwdUnixCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwdUnixCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in groupUnixCIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in groupUnixCIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1.2 Ensure only trusted users are allowed to control Docker daemonUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.2 Ensure that the API server pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:rootUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:rootUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:rootUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictiveUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.2.15 Ensure that the admission control plugin NamespaceLifecycle is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.16 Ensure that the admission control plugin PodSecurityPolicy is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.17 Ensure that the admission control plugin NodeRestriction is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.3.1 Ensure sudo is installedUnixCIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.3.1 Ensure sudo is installedUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.1 Ensure sudo is installedUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.3.1 Ensure sudo is installedUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
1.3.1 Ensure sudo is installedUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.11 Ensure that Separation of duties is enforced while assigning KMS related roles to usersGCPCIS Google Cloud Platform v1.1.0 L2
1.13 Ensure there is only one active access key available for any single IAM useramazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L1
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached - *:* administrative privileges are not attachedamazon_awsCIS Amazon Web Services Foundations L1 1.4.0
1.21 Ensure that no custom subscription owner roles are created - Action Typesmicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.21 Ensure that no custom subscription owner roles are created - Assignable Scopemicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2