CSCv7|9.5

Title

Implement Application Firewalls

Description

Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.

Reference Item Details

Category: Limitation and Control of Network Ports, Protocols, and Services

Audit Items

Name | Plugin | Audit Name
2.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 13.0 Ventura v2.0.0 L1
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 14.0 Sonoma v1.0.0 L1
2.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 13.0 Ventura v1.0.0 L1
2.4.1.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v2.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 v2.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11 v2.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v2.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v1.1.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v1.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 v2.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.14 v2.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11 v2.0.0 L1
4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1
4.4.4 Apply Application Control Security Profile to Policies | FortiGate | CIS Fortigate 7.0.x v1.3.0 L1
4.4.4 Apply Application Control Security Profile to Policies | FortiGate | CIS Fortigate 7.0.x Level 1 v1.2.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | Windows | CIS IIS 10 v1.1.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | Windows | CIS IIS 10 v1.1.1 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | Windows | CIS IIS 10 v1.2.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | Windows | CIS IIS 10 v1.2.1 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | Windows | CIS IIS 10 v1.2.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | Windows | CIS IIS 10 v1.2.1 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | Windows | CIS IIS 10 v1.1.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | Windows | CIS IIS 10 v1.1.1 Level 1
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.0 L2 Proxy
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.1 L2 Webserver
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.0 L2 Loadbalancer
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.1 L2 Proxy
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v1.0.0 L2 Loadbalancer
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v1.0.0 L2 Webserver
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v1.0.0 L2 Proxy
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.0 L2 Webserver
5.1.1 Ensure allow and deny filters limit access to specific IP addresses | Unix | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer
5.3.1 Ensure that the CNI in use supports Network Policies | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
5.3.1 Ensure that the CNI in use supports Network Policies | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
5.3.1 Ensure that the CNI in use supports Network Policies | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
5.3.1 Ensure that the CNI in use supports Network Policies | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1
5.3.1 Ensure that the CNI in use supports Network Policies | Unix | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
5.3.1 Ensure that the CNI in use supports Network Policies | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
5.3.1 Ensure that the CNI in use supports Network Policies | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
5.3.1 Ensure that the CNI in use supports Network Policies | Unix | CIS Kubernetes Benchmark v1.7.1 L1 Master
5.21 Ensure the default seccomp profile is not Disabled | Unix | CIS Docker v1.3.1 L1 Docker Linux
5.21 Ensure the default seccomp profile is not Disabled | Unix | CIS Docker v1.5.0 L1 Docker Linux
5.22 Ensure the default seccomp profile is not Disabled | Unix | CIS Docker v1.6.0 L1 Docker Linux