1.2 Give permissions on all resources only to the tenancy administrator group (Automated)
1.3 Ensure Identity and Access Management (IAM) administrators cannot update tenancy Administrators group (Automated)
1.7 Enable Multi-Factor Authentication (MFA) for all users with console password capability (Automated)
1.8 Ensure user API keys rotate every 90 days (Automated)
1.9 Ensure user customer secret keys rotate every 90 days (Automated)
1.10 Ensure user auth tokens rotate within 90 days (Automated)
1.11 Ensure API keys are not created for tenancy administrator users (Automated)
2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22 (Automated)
2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389 (Automated)
2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22 (Automated)
2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389 (Automated)
2.5 Ensure the default security list of every Virtual Cloud Network (VCN) restricts all traffic except Internet Control Message Protocol (ICMP) (Automated)
3.1 Set audit log retention period to 365 days (Manual)
3.2 Use default tags on resources (Automated)
4.1.1 Ensure no Object Storage buckets are publicly visible (Automated)
4.1.2 Encrypt Object Storage Buckets with a Customer Managed Key (CMK) (Automated)
4.1.3 Enable Versioning for Object Storage Buckets (Automated)
4.2.1 Encrypt Block Volumes with Customer Managed Keys (CMK) (Automated)