CSCv7|4.7

Title

Limit Access to Script Tools

Description

Limit access to scripting tools (such as Microsoft PowerShell and Python) to only administrative or development users with the need to access those capabilities.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2 Give the BIND User Account an Invalid ShellUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
2.2 Give the BIND User Account an Invalid ShellUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
2.2.10 Ensure 'UTL_FILE_DIR' Is EmptyOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.10 Ensure 'UTL_FILE_DIR' Is EmptyOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 8 L1 v1.1.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 10 L1 v1.1.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 9 L1 v1.2.0
4.1 Ensure That Instances Are Not Configured To Use the Default Service AccountGCPCIS Google Cloud Platform v2.0.0 L1
4.1.4 Minimize access to create podsGCPCIS Google Kubernetes Engine (GKE) v1.5.0 L1
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 19c DB Unified Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 19c DB Traditional Auditing v1.1.0
4.2 Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIsGCPCIS Google Cloud Platform v2.0.0 L1
4.4 Ensure 'local_infile' Is DisabledMySQLDBCIS MySQL 5.6 Enterprise Database L1 v2.0.0
4.4 Ensure 'local_infile' Is DisabledMySQLDBCIS MySQL 5.6 Community Database L1 v2.0.0
4.4 Harden Usage for 'local_infile' on MariaDB ClientsUnixCIS MariaDB 10.6 on Linux L1 v1.0.0
4.4 Harden Usage for 'local_infile' on MariaDB ClientsMySQLDBCIS MariaDB 10.6 Database L1 v1.0.0
4.4 Harden Usage for 'local_infile' on MySQL ClientsMySQLDBCIS MySQL 5.7 Community Database L1 v2.0.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 8 L2 v1.1.0 Middleware
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 9 L1 v1.2.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 10 L1 v1.1.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 8 L2 v1.1.0
10.3 Restrict manager applicationUnixCIS Apache Tomcat 8 L2 v1.1.0
10.3 Restrict manager applicationUnixCIS Apache Tomcat 9 L2 v1.2.0
10.3 Restrict manager applicationUnixCIS Apache Tomcat 8 L2 v1.1.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 10 L2 v1.1.0
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 10 L1 v1.1.0
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 10 L1 v1.1.0
10.14 Do not run applications as privilegedUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
10.14 Do not run applications as privilegedUnixCIS Apache Tomcat 8 L1 v1.1.0
10.15 Do not allow cross context requestsUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
10.15 Do not allow cross context requestsUnixCIS Apache Tomcat 8 L1 v1.1.0