CSCv7|4.7

Title

Limit Access to Script Tools

Description

Limit access to scripting tools (such as Microsoft PowerShell and Python) to only administrative or development users with the need to access those capabilities.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2 Give the BIND User Account an Invalid ShellUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
2.2 Give the BIND User Account an Invalid ShellUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
2.2.10 Ensure 'UTL_FILE_DIR' Is EmptyOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.10 Ensure 'UTL_FILE_DIR' Is EmptyOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 10 L1 v1.1.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 8 L1 v1.1.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 9 L1 v1.2.0
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
3.1 Set a nondeterministic Shutdown command valueUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
4.1 Ensure That Instances Are Not Configured To Use the Default Service AccountGCPCIS Google Cloud Platform v3.0.0 L1
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.2 Ensure All Sample Data And Users Have Been RemovedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.2 Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIsGCPCIS Google Cloud Platform v3.0.0 L1
4.4 Ensure 'local_infile' Is DisabledMySQLDBCIS MySQL 5.6 Enterprise Database L1 v2.0.0
4.4 Ensure 'local_infile' Is DisabledMySQLDBCIS MySQL 5.6 Community Database L1 v2.0.0
4.4 Harden Usage for 'local_infile' on MariaDB ClientsMySQLDBCIS MariaDB 10.6 Database L1 v1.1.0
4.4 Harden Usage for 'local_infile' on MariaDB ClientsUnixCIS MariaDB 10.6 on Linux L1 v1.1.0
4.4 Harden Usage for 'local_infile' on MySQL ClientsUnixCIS MySQL 8.0 Community Linux OS L1 v1.0.0
4.4 Harden Usage for 'local_infile' on MySQL ClientsMySQLDBCIS MySQL 5.7 Community Database L1 v2.0.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 8 L2 v1.1.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 10 L1 v1.1.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 8 L2 v1.1.0 Middleware
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 9 L1 v1.2.0
10.2 Restrict access to the web administration applicationUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 10 L2 v1.1.0
10.3 Restrict manager applicationUnixCIS Apache Tomcat 8 L2 v1.1.0 Middleware
10.3 Restrict manager applicationUnixCIS Apache Tomcat 8 L2 v1.1.0
10.3 Restrict manager applicationUnixCIS Apache Tomcat 9 L2 v1.2.0
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 10 L1 v1.1.0
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.13 Do not run applications as privilegedUnixCIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 10 L1 v1.1.0
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requestsUnixCIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.14 Do not run applications as privilegedUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware
10.14 Do not run applications as privilegedUnixCIS Apache Tomcat 8 L1 v1.1.0
10.15 Do not allow cross context requestsUnixCIS Apache Tomcat 8 L1 v1.1.0
10.15 Do not allow cross context requestsUnixCIS Apache Tomcat 8 L1 v1.1.0 Middleware