This page provides a list of recommended secure configuration checks for Rubrik CDM, and is periodically updated. Rubrik CDM is a software platform that manages data for use cases such as backup, disaster recovery, archival, compliance, analytics, and copy data management.
Interested to learn about StorageGuard Benchmark Checks for Rubrik? |
||
|
|
ID | System | Category | Configuration check |
K1433I00P0100 | Rubrik CDM | Access Control | Banner status |
K0633I0MP0105 | Rubrik CDM | Access Control | Client pattern for managed volumes |
K1433I0MP0110 | Rubrik CDM | Access Control | Cross-origin resource sharing enabled |
K1433I0MP0115 | Rubrik CDM | Access Control | Emergency account |
K1433I00P0120 | Rubrik CDM | Access Control | File share IP access list |
K0233I0MP0125 | Rubrik CDM | Access Control | Idle session timeout |
K1433I0M00130 | Rubrik CDM | Access Control | IPMI ADMIN disabled |
K143300MP0135 | Rubrik CDM | Access Control | IPMI SMC RAKP enabled |
K1433I0MP0140 | Rubrik CDM | Access Control | IPMI virtual media port disabled |
K1433I00P0145 | Rubrik CDM | Access Control | Node connection via Proxy status |
K1433I00P0150 | Rubrik CDM | Access Control | Shared accounts |
K0733I00P0155 | Rubrik CDM | Access Control | Support data movement status |
K1433I0MP0160 | Rubrik CDM | Access Control | Support tunnel enabled on current node |
K1433I0M00165 | Rubrik CDM | Access Control | support tunnel service |
K1433I0MP0170 | Rubrik CDM | Access Control | support tunnel absolute timeout |
K1433I0MP0175 | Rubrik CDM | Access Control | support tunnel inactivity timeout |
K1433I0MP0180 | Rubrik CDM | Access Control | Unique user accounts |
K0133I0MP0185 | Rubrik CDM | Access Control | Max web sessions per user |
K143300MP0190 | Rubrik CDM | Access Control | Session timeout |
K1433I0MP0195 | Rubrik CDM | Audit | Centralized log server |
K1433I0MP0200 | Rubrik CDM | Audit | Centralized log server redundancy |
K1433I0MP0205 | Rubrik CDM | Audit | Event types enabled for audit logging |
K1433I0000210 | Rubrik CDM | Audit | Log Frequency status |
K1433I0MP0215 | Rubrik CDM | Audit | NTP server redundancy |
K1433I0MP0220 | Rubrik CDM | Audit | NTP server secure connection status |
K1433I0MP0225 | Rubrik CDM | Audit | NTP service status |
K1433I0MP0230 | Rubrik CDM | Audit | Syslog protocol |
K0833I0MP0235 | Rubrik CDM | Audit | UTC time |
K1433I0MP0240 | Rubrik CDM | Authentication | Account lockout threshold |
K1433I0MP0245 | Rubrik CDM | Authentication | API authentication method |
K1433I0MP0250 | Rubrik CDM | Authentication | Federated Login disabled |
K1433I0MP0255 | Rubrik CDM | Authentication | Identity Provider redundancy |
K1433I00P0260 | Rubrik CDM | Authentication | identity provider Status |
K1033I0MP0265 | Rubrik CDM | Authentication | IPMI default password |
K143300M00270 | Rubrik CDM | Authentication | LDAP server configuration |
K1433I0MP0275 | Rubrik CDM | Authentication | Minimum account lockout duration |
K1433I0MP0280 | Rubrik CDM | Authentication | Minimum password digits |
K1433I0MP0285 | Rubrik CDM | Authentication | Minimum password length |
K1433I0MP0290 | Rubrik CDM | Authentication | Minimum password lowercase |
K1433I0MP0295 | Rubrik CDM | Authentication | Minimum password special characters |
K1433I0MP0300 | Rubrik CDM | Authentication | Minimum password uppercase |
K1433I0MP0305 | Rubrik CDM | Authentication | Multi Factor Authentication/RSA server |
K0933I0MP0310 | Rubrik CDM | Authentication | Multi Factor Authentication/TOTP |
K1433I0MP0315 | Rubrik CDM | Authentication | NFS authentication |
K1433I0MP0320 | Rubrik CDM | Authentication | NFS kerberos configuration |
K1433I0MP0325 | Rubrik CDM | Authentication | Non-default local user accounts |
K1433I0MP0330 | Rubrik CDM | Authentication | Password rules status |
K1433I0000335 | Rubrik CDM | Authentication | Reuse of past passwords |
K1433I0MP0340 | Rubrik CDM | Authentication | SNMP community default string |
K1433I0MP0345 | Rubrik CDM | Authentication | SSO Disabled |
K1433I0MP0350 | Rubrik CDM | Authentication | Time-based one-time password status |
K0733I0MP0355 | Rubrik CDM | Authorization | Approved Admin user/group |
K0733I0MP0357 | Rubrik CDM | Authorization | Quorum authorization |
K1433I0MP0360 | Rubrik CDM | Backup and Recovery | Data retention mode |
K1433I0MP0365 | Rubrik CDM | Backup and Recovery | Local retention lock limit |
K1433I0MP0370 | Rubrik CDM | Backup and Recovery | Max retention lock |
K1433I0MP0375 | Rubrik CDM | Backup and Recovery | Remote replication |
K1433I0MP0380 | Rubrik CDM | Backup and Recovery | Retention lock enabled |
K143300MP0385 | Rubrik CDM | Backup and Recovery | Retention lock status |
K1433I00P0390 | Rubrik CDM | Backup and Recovery | SLA domain status |
K0933I0M00395 | Rubrik CDM | Backup and Recovery | WORM SLA domain status |
K0233I0MP0400 | Rubrik CDM | Configuration Management | DNS server redundancy |
K0233I0MP0405 | Rubrik CDM | Configuration Management | DNS service status |
K1433I0MP0410 | Rubrik CDM | Configuration Management | Exclude important file types from search results |
K1433I0MP0415 | Rubrik CDM | Configuration Management | IPv6 status |
K1433I0MP0420 | Rubrik CDM | Configuration Management | OS version check |
K1433I0MP0425 | Rubrik CDM | Configuration Management | Target BIOS version |
K1433I0MP0430 | Rubrik CDM | Configuration Management | Target BMC version |
K1433I0MP0435 | Rubrik CDM | Configuration Management | Target Rubrik CDM version |
K1433I0MP0440 | Rubrik CDM | Configuration Management | Target Rubrik edge version |
K1433I0MP0445 | Rubrik CDM | Configuration Management | TCP SACK status |
K1433I0MP0450 | Rubrik CDM | Encryption | Certificate algorithm |
K1433I0MP0455 | Rubrik CDM | Encryption | Certificate expiry dates |
K0433I0MP0460 | Rubrik CDM | Encryption | Data in Transit encryption |
K1433I0MP0465 | Rubrik CDM | Encryption | Disk encryption |
K1433I0MP0470 | Rubrik CDM | Encryption | Encryption cipher type |
K1433I00P0475 | Rubrik CDM | Encryption | Encryption status |
K1433I0M00480 | Rubrik CDM | Encryption | Hardware encryption disabled |
K1433I0MP0485 | Rubrik CDM | Encryption | IPMI security |
K1433I0MP0490 | Rubrik CDM | Encryption | IPMI self-signed certificates |
K143300MP0495 | Rubrik CDM | Encryption | KEK rotation |
K1433I0MP0500 | Rubrik CDM | Encryption | Key Recovery disabled |
K0533I0MP0505 | Rubrik CDM | Encryption | Key Rotation disabled |
K1433I0MP0510 | Rubrik CDM | Encryption | KMIP client authentication mode |
K1433I0MP0515 | Rubrik CDM | Encryption | KMIP server configuration |
K1433I0MP0520 | Rubrik CDM | Encryption | KMIP status |
K1433I0MP0525 | Rubrik CDM | Encryption | KMS Client Password |
K1433I0MP0530 | Rubrik CDM | Encryption | KMS server redundancy |
K1433I0MP0535 | Rubrik CDM | Encryption | KMS servers configured |
K1433I0MP0540 | Rubrik CDM | Encryption | LDAP SSL |
K0533I0MP0545 | Rubrik CDM | Encryption | Password based encryption at-rest disabled |
K1433I0MP0550 | Rubrik CDM | Encryption | Replication encryption |
K1433I0MP0555 | Rubrik CDM | Encryption | SAP Hana SSL connection Trust store status |
K1433I0MP0560 | Rubrik CDM | Encryption | SNMP message privacy |
K1433I00P0565 | Rubrik CDM | Encryption | Software Encryption |
K1433I0MP0570 | Rubrik CDM | Encryption | TLS level |
K1433I0MP0575 | Rubrik CDM | Encryption | Trusted Certificate Issuer |
K1433I0MP0580 | Rubrik CDM | Hardening | Management and Data network separation |
K0233I0M00585 | Rubrik CDM | Monitoring | Email Alerts |
K1433I0MP0590 | Rubrik CDM | Monitoring | Notification policies |
K1433I0MP0595 | Rubrik CDM | Monitoring | Periodic checks |
K143300MP0600 | Rubrik CDM | Monitoring | SMTP server configuration |
K1433I0MP0605 | Rubrik CDM | Services and Protocols | FTP access |
K1433I0MP0610 | Rubrik CDM | Services and Protocols | HTTP access |
K1433I0MP0615 | Rubrik CDM | Services and Protocols | IP access list |
K1433I0MP0620 | Rubrik CDM | Services and Protocols | IPMI status |
K1433I0MP0625 | Rubrik CDM | Services and Protocols | REST access |
K0233I0MP0630 | Rubrik CDM | Services and Protocols | Secure SMB |
K1433I00P0635 | Rubrik CDM | Services and Protocols | SNMP Agent Status |
K1433I0MP0640 | Rubrik CDM | Services and Protocols | SNMP status |
K1433I0MP0645 | Rubrik CDM | Services and Protocols | SNMP version enabled |
K1433I0MP0650 | Rubrik CDM | Services and Protocols | SSH access |
K1433I0MP0655 | Rubrik CDM | Services and Protocols | SSH status |
K143300MP0660 | Rubrik CDM | Services and Protocols | Telnet access |
... and more. |
NOTE: Additional security baseline checks should be performed against Rubrik Archival Storage locations, Rubrik Edge, Rubrik Cloud Cluster, Rubrik Polaris and other Rubrik software components.
Interested to learn about StorageGuard Security Posture Management for Rubrik?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.