CSCv7|4.7

Title

Limit Access to Script Tools

Description

Limit access to scripting tools (such as Microsoft PowerShell and Python) to only administrative or development users with the need to access those capabilities.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 2.2 Give the BIND User Account an Invalid Shell | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server |
| 2.2 Give the BIND User Account an Invalid Shell | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server |
| 2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0 |
| 2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1 |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 8 L1 v1.1.0 |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 10 L1 v1.0.0 |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 10 L1 v1.0.0 Middleware |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 9 L1 v1.2.0 |
| 3.1 Set a nondeterministic Shutdown command value | Unix | CIS Apache Tomcat 8 L1 v1.1.0 Middleware |
| 4.1 Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | CIS Google Cloud Platform v1.3.0 L1 |
| 4.1.4 Minimize access to create pods | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 |
| 4.2 Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | GCP | CIS Google Cloud Platform v1.3.0 L1 |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | Unix | CIS Apache HTTP Server 2.4 L1 v2.0.0 |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | Unix | CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware |
| 5.5 Ensure the Default CGI Content printenv Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | Unix | CIS Apache HTTP Server 2.2 L1 v3.6.0 |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | Unix | CIS Apache HTTP Server 2.4 L1 v2.0.0 |
| 5.6 Ensure the Default CGI Content test-cgi Script Is Removed | Unix | CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware |
| 6.6.5 Ensure all Custom Login Classes Forbid Shell Access | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 6.10.3.2 Ensure XNM-SSL Connection Limit is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L2 |
| 6.10.3.3 Ensure XNM-SSL Rate Limit is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L2 |
| 6.10.4.1 Ensure NETCONF Rate Limit is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 6.10.4.2 Ensure NETCONF Connection Limit is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 6.10.5.9 Ensure REST Connection Limit is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 6.10.5.10 Ensure REST Service Address is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 6.10.5.11 Ensure REST Service Address is Set to OOB Management Only | Juniper | CIS Juniper OS Benchmark v2.1.0 L2 |
| 10.2 Restrict access to the web administration application | Unix | CIS Apache Tomcat 8 L2 v1.1.0 Middleware |
| 10.2 Restrict access to the web administration application | Unix | CIS Apache Tomcat 9 L1 v1.2.0 |
| 10.2 Restrict access to the web administration application | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware |
| 10.2 Restrict access to the web administration application | Unix | CIS Apache Tomcat 8 L2 v1.1.0 |
| 10.3 Restrict manager application | Unix | CIS Apache Tomcat 8 L2 v1.1.0 |
| 10.3 Restrict manager application | Unix | CIS Apache Tomcat 9 L2 v1.2.0 |
| 10.3 Restrict manager application | Unix | CIS Apache Tomcat 9 L2 v1.2.0 Middleware |
| 10.3 Restrict manager application | Unix | CIS Apache Tomcat 8 L2 v1.1.0 Middleware |
| 10.13 Do not run applications as privileged | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware |
| 10.13 Do not run applications as privileged | Unix | CIS Apache Tomcat 9 L1 v1.2.0 |
| 10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0 |
| 10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.0.0 |
| 10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware |
| 10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.0.0 Middleware |
| 10.14 Do not run applications as privileged | Unix | CIS Apache Tomcat 8 L1 v1.1.0 |
| 10.14 Do not run applications as privileged | Unix | CIS Apache Tomcat 8 L1 v1.1.0 Middleware |
| 10.15 Do not allow cross context requests | Unix | CIS Apache Tomcat 8 L1 v1.1.0 Middleware |
| 10.15 Do not allow cross context requests | Unix | CIS Apache Tomcat 8 L1 v1.1.0 |