This page provides a list of recommended secure configuration checks for Cohesity DataPlatform, and is periodically updated. Cohesity DataPlatform is a comprehensive data management solution that simplifies backup, recovery, and storage for businesses by consolidating and managing data across multiple sources and locations.
|
Interested to learn about StorageGuard Benchmark Checks for Cohesity? |
||
|
|
|
|
| ID | System | Category | Configuration check |
| K012BI0MP030 | Cohesity DataPlatform | Access Control | Absolute session timeout |
| K012BI0MP200 | Cohesity DataPlatform | Access Control | Approved administrative users / group |
| K012BI0MP290 | Cohesity DataPlatform | Access Control | Browsable shares |
| K012BI0MP120 | Cohesity DataPlatform | Access Control | File share client IP ACL |
| K012BI0MP485 | Cohesity DataPlatform | Access Control | Global allowlist |
| K012BI0MP235 | Cohesity DataPlatform | Access Control | Hardening status |
| K012BI0MP070 | Cohesity DataPlatform | Access Control | Helios access level |
| K012BI0MP065 | Cohesity DataPlatform | Access Control | Idle session timeout |
| K012BI0MP310 | Cohesity DataPlatform | Access Control | Non-default local users |
| K012BI0MP295 | Cohesity DataPlatform | Access Control | Remote access configuration |
| K012BI0MP025 | Cohesity DataPlatform | Access Control | Session limits |
| K012BI0MP490 | Cohesity DataPlatform | Access Control | Share allowlist |
| K012BI0MP260 | Cohesity DataPlatform | Access Control | SMB access based enumeration |
| K012BI0MP305 | Cohesity DataPlatform | Access Control | View allow list |
| K012BI0MP405 | Cohesity DataPlatform | Audit Log | Approved NTP Servers |
| K012BI0MP380 | Cohesity DataPlatform | Audit Log | Approved/Required syslog servers |
| K012BI0MP315 | Cohesity DataPlatform | Audit Log | Audit Log retention |
| K012BI0MP365 | Cohesity DataPlatform | Audit Log | Audit logging status |
| K012BI0MP375 | Cohesity DataPlatform | Audit Log | Centralized log server |
| K012BI0MP385 | Cohesity DataPlatform | Audit Log | Centralized log server redundancy |
| K012BI0MP360 | Cohesity DataPlatform | Audit Log | Event types enabled for audit logging |
| K012BI0MP395 | Cohesity DataPlatform | Audit Log | NTP server redundancy |
| K012BI0MP400 | Cohesity DataPlatform | Audit Log | NTP service status |
| K012BI0MP370 | Cohesity DataPlatform | Audit Log | SYSLOG protocol |
| K012BI0MP055 | Cohesity DataPlatform | Authentication | Account lockout duration |
| K012BI0MP060 | Cohesity DataPlatform | Authentication | Account lockout threshold |
| K012BI0MP450 | Cohesity DataPlatform | Authentication | AD domain configuration (if used) |
| K012BI0MP345 | Cohesity DataPlatform | Authentication | authentication server configuration (if used) |
| K012BI0MP340 | Cohesity DataPlatform | Authentication | Authentication server redundancy (if used) |
| K012BI0MP460 | Cohesity DataPlatform | Authentication | Certificate-based authentication |
| K012BI0MP425 | Cohesity DataPlatform | Authentication | Cohesity default administrative password |
| K012BI0MP445 | Cohesity DataPlatform | Authentication | Cohesity default console password |
| K012BI0MP440 | Cohesity DataPlatform | Authentication | Cohesity default support password |
| K012BI0MP245 | Cohesity DataPlatform | Authentication | Default local groups |
| K012BI0MP455 | Cohesity DataPlatform | Authentication | IdP configuration (if used) |
| K012BI0MP430 | Cohesity DataPlatform | Authentication | IPMI default password |
| K012BI0MP435 | Cohesity DataPlatform | Authentication | Linux default password |
| K012BI0MP045 | Cohesity DataPlatform | Authentication | Maximum password age |
| K012BI0MP465 | Cohesity DataPlatform | Authentication | MFA type |
| K012BI0MP040 | Cohesity DataPlatform | Authentication | Minimum password length |
| K012BI0MP250 | Cohesity DataPlatform | Authentication | Multifactor authentication |
| K012BI0MP035 | Cohesity DataPlatform | Authentication | Password complexity |
| K012BI0MP050 | Cohesity DataPlatform | Authentication | Password reuse policy |
| K012BI0MP080 | Cohesity DataPlatform | Authentication | SMTP authentication |
| K012BI0MP175 | Cohesity DataPlatform | Authentication | SNMP authentication protocol |
| K012BI0MP170 | Cohesity DataPlatform | Authentication | SNMP community default string |
| K012BI0MP160 | Cohesity DataPlatform | Authentication | SNMP user authentication |
| K012BI0MP240 | Cohesity DataPlatform | Authentication | Strong authentication method |
| K012BI0MP255 | Cohesity DataPlatform | Authorization | AD group mapping to role (if used) |
| K012BI0MP100 | Cohesity DataPlatform | Authorization | all_squash settings |
| K012BI0MP220 | Cohesity DataPlatform | Authorization | Anonymous user access configuration |
| K012BI0MP265 | Cohesity DataPlatform | Authorization | Client NFS All squash configuration |
| K012BI0MP275 | Cohesity DataPlatform | Authorization | Client NFS root squash configuration |
| K012BI0MP505 | Cohesity DataPlatform | Authorization | Dual authorization for system changes |
| K012BI0MP115 | Cohesity DataPlatform | Authorization | File share access rights |
| K012BI0MP110 | Cohesity DataPlatform | Authorization | NFS view permissions |
| K012BI0MP105 | Cohesity DataPlatform | Authorization | SMB view permissions |
| K012BI0MP150 | Cohesity DataPlatform | Authorization | User role configuration |
| K012BI0MP525 | Cohesity DataPlatform | Backup and Recovery | Backup interval |
| K012BI0MP520 | Cohesity DataPlatform | Backup and Recovery | Backup retention |
| K012BI0MP510 | Cohesity DataPlatform | Backup and Recovery | Data lock policy |
| K012BI0MP195 | Cohesity DataPlatform | Backup and Recovery | Data retention period |
| K012BI0MP530 | Cohesity DataPlatform | Backup and Recovery | DB log backup settings |
| K012BI0MP565 | Cohesity DataPlatform | Backup and Recovery | Enable ACL Backups |
| K012BI0MP515 | Cohesity DataPlatform | Backup and Recovery | Retention lock |
| K012BI0MP410 | Cohesity DataPlatform | Configuration Management | Approved DNS server |
| K012BI0MP480 | Cohesity DataPlatform | Configuration Management | Auto patch download |
| K012BI0MP210 | Cohesity DataPlatform | Configuration Management | Banner settings |
| K012BI0MP190 | Cohesity DataPlatform | Configuration Management | Cohesity version |
| K012BI0MP420 | Cohesity DataPlatform | Configuration Management | DNS server redundancy |
| K012BI0MP415 | Cohesity DataPlatform | Configuration Management | DNS service status |
| K012BI0MP095 | Cohesity DataPlatform | Configuration Management | Domain name configuration |
| K012BI0MP135 | Cohesity DataPlatform | Configuration Management | External Application enabled |
| K012BI0MP500 | Cohesity DataPlatform | Configuration Management | Non-vulnerable Cohesity version |
| K012BI0MP495 | Cohesity DataPlatform | Configuration Management | Support Channel settings |
| K012BI0MP470 | Cohesity DataPlatform | Configuration Management | Trusted certificate issuer |
| K012BI0MP475 | Cohesity DataPlatform | Configuration Management | Valid certificates used |
| K012BI0MP390 | Cohesity DataPlatform | Encryption | Cluster level encryption |
| K012BI0MP330 | Cohesity DataPlatform | Encryption | KMIP status |
| K012BI0MP205 | Cohesity DataPlatform | Encryption | KMS server configuration |
| K012BI0MP300 | Cohesity DataPlatform | Encryption | Replication link encryption |
| K012BI0MP320 | Cohesity DataPlatform | Encryption | Secure communication between Cohesity Clusters |
| K012BI0MP075 | Cohesity DataPlatform | Encryption | SMTP encryption |
| K012BI0MP165 | Cohesity DataPlatform | Encryption | SNMP message privacy |
| K012BI0MP145 | Cohesity DataPlatform | Encryption | SNMP privacy algorithm |
| K012BI0MP140 | Cohesity DataPlatform | Encryption | SSH ciphers and hash algorithm strength |
| K012BI0MP280 | Cohesity DataPlatform | Encryption | Storage domain encryption |
| K012BI0MP350 | Cohesity DataPlatform | Encryption | TLS level |
| K012BI0MP335 | Cohesity DataPlatform | Encryption | Use of secure LDAP |
| K012BI0MP325 | Cohesity DataPlatform | Encryption | Use of self-signed certificates |
| K012BI0MP010 | Cohesity DataPlatform | Encryption | Web SSL certificate |
| K012BI0MP230 | Cohesity DataPlatform | Malware Protection | Antivirus scan enabled |
| K012BI0MP225 | Cohesity DataPlatform | Malware Protection | Antivirus server redundancy |
| K012BI0MP535 | Cohesity DataPlatform | Malware Protection | Helios status |
| K012BI0MP125 | Cohesity DataPlatform | Malware Protection | Ransomware File Filtration |
| K012BI0MP130 | Cohesity DataPlatform | Malware Protection | Vulnerability scanning |
| K012BI0MP540 | Cohesity DataPlatform | Monitoring | Alert notification by email |
| K012BI0MP545 | Cohesity DataPlatform | Monitoring | Alerting status |
| K012BI0MP555 | Cohesity DataPlatform | Monitoring | Backup alerts |
| K012BI0MP015 | Cohesity DataPlatform | Monitoring | Email notification rules |
| K012BI0MP085 | Cohesity DataPlatform | Monitoring | Email server configuration |
| K012BI0MP560 | Cohesity DataPlatform | Monitoring | Ransomware (anomaly) alerts |
| K012BI0MP185 | Cohesity DataPlatform | Monitoring | Remote support status |
| K012BI0MP020 | Cohesity DataPlatform | Monitoring | SMTP recipients |
| K012BI0MP215 | Cohesity DataPlatform | Monitoring | SNMP alerts level |
| K012BI0MP090 | Cohesity DataPlatform | Monitoring | SNMP trap host configuration |
| K012BI0MP285 | Cohesity DataPlatform | Services and Protocols | Allowed access protocols |
| K012BI0MP270 | Cohesity DataPlatform | Services and Protocols | Client NFS access |
| K012BI0MP355 | Cohesity DataPlatform | Services and Protocols | HTTP service status |
| K012BI0MP180 | Cohesity DataPlatform | Services and Protocols | SNMP Agent Status |
| K012BI0MP155 | Cohesity DataPlatform | Services and Protocols | SNMP version enabled |
|
... and more. |
NOTE: Other than Cohesity DataPlatform, additional security baseline checks should be performed against Cohesity SmartFiles, DataProtect, Cisco UCS and other Cohesity components.
|
Interested to learn about StorageGuard Security Posture Management for Cohesity DataPlatform?
|
||
|
|
|
|
Comments
0 comments
Please sign in to leave a comment.