• Tenable
  • Audits
  • Settings
    Links
    Tenable Cloud Tenable Community & Support Tenable University
    Theme
  • Tenable
  • Plugins
  • Overview
  • Plugins Pipeline
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Release Notes
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
    • Links
    • Tenable Cloud
    • Tenable Community & Support
    • Tenable University
    • Settings
    • Theme
Detections
  • Plugins
  • Overview
  • Plugins Pipeline
  • Release Notes
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
Analytics
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
  1. Audits
  2. References
  3. CSCv7
  4. 5.3
  1. CSCv7

CSCv7|5.3

Title

Securely Store Master Images

Description

Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Aliyun Linux 2 L1 v1.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.dUnixCIS Aliyun Linux 2 L1 v1.0.0
2.4.2 Ensure 'Snapshot' is setCheckPointCIS Check Point Firewall L1 v1.1.0
2.4.3 Configuring Scheduled BackupsCheckPointCIS Check Point Firewall L1 v1.1.0
5.1.4 Ensure only trusted container images are usedGCPCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2
5.1.4 Ensure only trusted container images are usedGCPCIS Google Kubernetes Engine (GKE) v1.7.0 L2
5.5.5 Ensure Shielded GKE Nodes are EnabledGCPCIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is EnabledGCPCIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.5.7 Ensure Secure Boot for Shielded GKE Nodes is EnabledGCPCIS Google Kubernetes Engine (GKE) v1.7.0 L2
6.1 Ensure that image sprawl is avoidedUnixCIS Docker v1.7.0 L1 Docker - Linux
  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2025 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance