CSCv7|4

Title

Controlled Use of Administrative Privileges

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

Name | Plugin | Audit Name
1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0
1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0
1.1.2 Ensure only trusted users are allowed to control Docker daemon | Unix | CIS Docker v1.6.0 L1 Docker Linux
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.3.1 Ensure sudo is installed | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.3.1 Ensure sudo is installed | Unix | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.1 Ensure sudo is installed | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.13 Ensure there is only one active access key available for any single IAM user | amazon_aws | CIS Amazon Web Services Foundations L1 2.0.0
1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached | amazon_aws | CIS Amazon Web Services Foundations L1 2.0.0