CSCv7|8.3

Title

Enable Operating System Anti-Exploitation Features/ Deploy Anti-Exploit Technologies

Description

Enable anti-exploitation features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Malware Defenses

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.36 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.36 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.9 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.9 Ensure that the APIPriorityAndFairness feature gate is enabled - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.10 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.2.10 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Amazon Linux 2 v3.0.0 L1
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS CentOS Linux 7 v4.0.0 L1 Server
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Oracle Linux 7 v4.0.0 L1 Server
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS AlmaLinux OS 8 Server L1 v3.0.0
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Red Hat EL8 Workstation L1 v3.0.0
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS AlmaLinux OS 8 Workstation L1 v3.0.0
1.4.1 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Oracle Linux 8 Server L1 v3.0.0
1.20.1 Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.1 Ensure 'Configure Microsoft Defender SmartScreen' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.20.2 Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.2 Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.20.3 Ensure 'Enable Microsoft Defender SmartScreen DNS requests' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.20.3 Ensure 'Enable Microsoft Defender SmartScreen DNS requests' is set to 'Disabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.4 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.4 Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.20.5 Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.5 Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.20.6 Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.20.6 Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.22.1 Ensure 'Configure Edge TyposquattingChecker' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v1.1.0
1.22.1 Ensure 'Configure Edge TyposquattingChecker' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0
1.23 Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads'	Windows	CIS Microsoft Edge L1 v1.1.0
1.23 Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Block ads on sites with intrusive ads'	Windows	CIS Microsoft Edge L1 v2.0.0
1.24 Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads'	Windows	CIS Microsoft Edge L1 v2.0.0
1.24 Ensure 'Allow download restrictions' is set to 'Enabled: Block potentially dangerous downloads'	Windows	CIS Microsoft Edge L1 v1.1.0

Detections

Analytics

CSCv7|8.3

Title

Description

Reference Item Details

Audit Items