CSCv7|9

Title

Limitation and Control of Network Ports, Protocols, and Services

Reference Item Details

Category: Limitation and Control of Network Ports, Protocols, and Services

Audit Items

Name | Plugin | Audit Name
1.1.2 Ensure 'Allow gnubby authentication for remote access hosts' is set to 'Disabled'. | Windows | CIS Google Chrome L1 v2.0.0
1.2 Do Not Install a Multi-Use System - chkconfig | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.2 Do Not Install a Multi-Use System - chkconfig | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.2 Do Not Install a Multi-Use System - systemctl | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.2 Do Not Install a Multi-Use System - systemctl | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.4 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.5 Ensure that the --kubelet-certificate-authority argument is set as appropriate | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Unix | CIS Kubernetes Benchmark v1.8.0 L2 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes Benchmark v1.5.1 L1
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile | Unix | CIS Kubernetes Benchmark v1.5.1 L1
1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master
1.3 Dedicated Name Server Role | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.3 Dedicated Name Server Role | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.3.10 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management Services | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
2.2 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker v1.5.0 L1 Docker Linux
2.2 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker v1.3.1 L1 Docker Linux
2.2 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker v1.6.0 L1 Docker Linux
2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Protocols | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1
2.7 Ensure that a unique Certificate Authority is used for etcd | Unix | CIS Kubernetes Benchmark v1.6.1 L2 Master
2.7 Ensure that a unique Certificate Authority is used for etcd | Unix | CIS Kubernetes Benchmark v1.5.1 L2