CSCv7|5.3

Title

Securely Store Master Images

Description

Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.

Reference Item Details

Category: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | Unix | CIS Aliyun Linux 2 L1 v1.0.0 |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.d | Unix | CIS Aliyun Linux 2 L1 v1.0.0 |
| 2.4.2 Ensure 'Snapshot' is set | CheckPoint | CIS Check Point Firewall L1 v1.1.0 |
| 2.4.3 Configuring Scheduled Backups | CheckPoint | CIS Check Point Firewall L1 v1.1.0 |
| 5.1.4 Ensure only trusted container images are used | GCP | CIS Google Kubernetes Engine (GKE) v1.6.0 L2 |
| 5.1.4 Minimize Container Registries to only those approved | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master |
| 5.1.4 Minimize Container Registries to only those approved | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L2 |
| 5.1.4 Minimize Container Registries to only those approved | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 |
| 5.1.4 Minimize Container Registries to only those approved | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L2 |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L1 |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.6.0 L1 |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L1 |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.6.0 L1 |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.3.0 L2 |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L2 |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.5.0 L2 |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | GCP | CIS Google Kubernetes Engine (GKE) v1.6.0 L2 |
| 6.1 Ensure that image sprawl is avoided | Unix | CIS Docker v1.6.0 L1 Docker Linux |
| 6.1 Ensure that image sprawl is avoided | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 6.1 Ensure that image sprawl is avoided | Unix | CIS Docker v1.5.0 L1 Linux Host OS |