CSCv7|4.3

Title

Ensure the Use of Dedicated Administrative Accounts

Description

Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

Name | Plugin | Audit Name
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.2 Ensure that the API server pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.14 Ensure that the admin.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.14 Ensure that the admin.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.14 Ensure that the kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.14 Ensure that the kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.16 Ensure that the Scheduler kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.16 Ensure that the Scheduler kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.18 Ensure that the Controller Manager kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.18 Ensure that the Controller Manager kubeconfig file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.19 Ensure that the OpenShift PKI directory and file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.1.19 Ensure that the OpenShift PKI directory and file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.1.19 Ensure that the OpenShift PKI directory and file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.1.19 Ensure that the OpenShift PKI directory and file ownership is set to root:root | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.3.1 Ensure sudo is installed | Unix | CIS CentOS Linux 8 Workstation L1 v1.0.1
1.3.1 Ensure sudo is installed | Unix | CIS Oracle Linux 8 Server L1 v1.0.1
1.3.1 Ensure sudo is installed | Unix | CIS Red Hat EL8 Server L1 v1.0.1
1.3.1 Ensure sudo is installed | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
1.16 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1
1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L1
1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L1
1.24 Ensure That 'Subscription leaving Microsoft Entra ID directory' and 'Subscription entering Microsoft Entra ID directory' Is Set To 'Permit No One' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L2
1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' | microsoft_azure | CIS Microsoft Azure Foundations v1.5.0 L2