CSCv7|5.3

Title

Securely Store Master Images

Description

Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Aliyun Linux 2 L1 v1.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.d	Unix	CIS Aliyun Linux 2 L1 v1.0.0
2.4.2 Ensure 'Snapshot' is set	CheckPoint	CIS Check Point Firewall L1 v1.1.0
2.4.3 Configuring Scheduled Backups	CheckPoint	CIS Check Point Firewall L1 v1.1.0
5.1.4 Ensure only trusted container images are used	GCP	CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2
5.1.4 Ensure only trusted container images are used	GCP	CIS Google Kubernetes Engine (GKE) v1.7.0 L2
5.5.5 Ensure Shielded GKE Nodes are Enabled	GCP	CIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	GCP	CIS Google Kubernetes Engine (GKE) v1.7.0 L1
5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled	GCP	CIS Google Kubernetes Engine (GKE) v1.7.0 L2
6.1 Ensure that image sprawl is avoided	Unix	CIS Docker v1.7.0 L1 Docker - Linux

Detections

Analytics

CSCv7|5.3

Title

Description

Reference Item Details

Audit Items