This page provides a list of recommended secure configuration checks for Cohesity DataPlatform, and is periodically updated. Cohesity DataPlatform is a comprehensive data management solution that simplifies backup, recovery, and storage for businesses by consolidating and managing data across multiple sources and locations.
Interested to learn about StorageGuard Benchmark Checks for Cohesity? |
||
|
|
ID | System | Category | Configuration check |
K012BI0MP030 | Cohesity DataPlatform | Access Control | Absolute session timeout |
K012BI0MP200 | Cohesity DataPlatform | Access Control | Approved administrative users / group |
K012BI0MP290 | Cohesity DataPlatform | Access Control | Browsable shares |
K012BI0MP120 | Cohesity DataPlatform | Access Control | File share client IP ACL |
K012BI0MP485 | Cohesity DataPlatform | Access Control | Global allowlist |
K012BI0MP235 | Cohesity DataPlatform | Access Control | Hardening status |
K012BI0MP070 | Cohesity DataPlatform | Access Control | Helios access level |
K012BI0MP065 | Cohesity DataPlatform | Access Control | Idle session timeout |
K012BI0MP310 | Cohesity DataPlatform | Access Control | Non-default local users |
K012BI0MP295 | Cohesity DataPlatform | Access Control | Remote access configuration |
K012BI0MP025 | Cohesity DataPlatform | Access Control | Session limits |
K012BI0MP490 | Cohesity DataPlatform | Access Control | Share allowlist |
K012BI0MP260 | Cohesity DataPlatform | Access Control | SMB access based enumeration |
K012BI0MP305 | Cohesity DataPlatform | Access Control | View allow list |
K012BI0MP405 | Cohesity DataPlatform | Audit Log | Approved NTP Servers |
K012BI0MP380 | Cohesity DataPlatform | Audit Log | Approved/Required syslog servers |
K012BI0MP315 | Cohesity DataPlatform | Audit Log | Audit Log retention |
K012BI0MP365 | Cohesity DataPlatform | Audit Log | Audit logging status |
K012BI0MP375 | Cohesity DataPlatform | Audit Log | Centralized log server |
K012BI0MP385 | Cohesity DataPlatform | Audit Log | Centralized log server redundancy |
K012BI0MP360 | Cohesity DataPlatform | Audit Log | Event types enabled for audit logging |
K012BI0MP395 | Cohesity DataPlatform | Audit Log | NTP server redundancy |
K012BI0MP400 | Cohesity DataPlatform | Audit Log | NTP service status |
K012BI0MP370 | Cohesity DataPlatform | Audit Log | SYSLOG protocol |
K012BI0MP055 | Cohesity DataPlatform | Authentication | Account lockout duration |
K012BI0MP060 | Cohesity DataPlatform | Authentication | Account lockout threshold |
K012BI0MP450 | Cohesity DataPlatform | Authentication | AD domain configuration (if used) |
K012BI0MP345 | Cohesity DataPlatform | Authentication | authentication server configuration (if used) |
K012BI0MP340 | Cohesity DataPlatform | Authentication | Authentication server redundancy (if used) |
K012BI0MP460 | Cohesity DataPlatform | Authentication | Certificate-based authentication |
K012BI0MP425 | Cohesity DataPlatform | Authentication | Cohesity default administrative password |
K012BI0MP445 | Cohesity DataPlatform | Authentication | Cohesity default console password |
K012BI0MP440 | Cohesity DataPlatform | Authentication | Cohesity default support password |
K012BI0MP245 | Cohesity DataPlatform | Authentication | Default local groups |
K012BI0MP455 | Cohesity DataPlatform | Authentication | IdP configuration (if used) |
K012BI0MP430 | Cohesity DataPlatform | Authentication | IPMI default password |
K012BI0MP435 | Cohesity DataPlatform | Authentication | Linux default password |
K012BI0MP045 | Cohesity DataPlatform | Authentication | Maximum password age |
K012BI0MP465 | Cohesity DataPlatform | Authentication | MFA type |
K012BI0MP040 | Cohesity DataPlatform | Authentication | Minimum password length |
K012BI0MP250 | Cohesity DataPlatform | Authentication | Multifactor authentication |
K012BI0MP035 | Cohesity DataPlatform | Authentication | Password complexity |
K012BI0MP050 | Cohesity DataPlatform | Authentication | Password reuse policy |
K012BI0MP080 | Cohesity DataPlatform | Authentication | SMTP authentication |
K012BI0MP175 | Cohesity DataPlatform | Authentication | SNMP authentication protocol |
K012BI0MP170 | Cohesity DataPlatform | Authentication | SNMP community default string |
K012BI0MP160 | Cohesity DataPlatform | Authentication | SNMP user authentication |
K012BI0MP240 | Cohesity DataPlatform | Authentication | Strong authentication method |
K012BI0MP255 | Cohesity DataPlatform | Authorization | AD group mapping to role (if used) |
K012BI0MP100 | Cohesity DataPlatform | Authorization | all_squash settings |
K012BI0MP220 | Cohesity DataPlatform | Authorization | Anonymous user access configuration |
K012BI0MP265 | Cohesity DataPlatform | Authorization | Client NFS All squash configuration |
K012BI0MP275 | Cohesity DataPlatform | Authorization | Client NFS root squash configuration |
K012BI0MP505 | Cohesity DataPlatform | Authorization | Dual authorization for system changes |
K012BI0MP115 | Cohesity DataPlatform | Authorization | File share access rights |
K012BI0MP110 | Cohesity DataPlatform | Authorization | NFS view permissions |
K012BI0MP105 | Cohesity DataPlatform | Authorization | SMB view permissions |
K012BI0MP150 | Cohesity DataPlatform | Authorization | User role configuration |
K012BI0MP525 | Cohesity DataPlatform | Backup and Recovery | Backup interval |
K012BI0MP520 | Cohesity DataPlatform | Backup and Recovery | Backup retention |
K012BI0MP510 | Cohesity DataPlatform | Backup and Recovery | Data lock policy |
K012BI0MP195 | Cohesity DataPlatform | Backup and Recovery | Data retention period |
K012BI0MP530 | Cohesity DataPlatform | Backup and Recovery | DB log backup settings |
K012BI0MP565 | Cohesity DataPlatform | Backup and Recovery | Enable ACL Backups |
K012BI0MP515 | Cohesity DataPlatform | Backup and Recovery | Retention lock |
K012BI0MP410 | Cohesity DataPlatform | Configuration Management | Approved DNS server |
K012BI0MP480 | Cohesity DataPlatform | Configuration Management | Auto patch download |
K012BI0MP210 | Cohesity DataPlatform | Configuration Management | Banner settings |
K012BI0MP190 | Cohesity DataPlatform | Configuration Management | Cohesity version |
K012BI0MP420 | Cohesity DataPlatform | Configuration Management | DNS server redundancy |
K012BI0MP415 | Cohesity DataPlatform | Configuration Management | DNS service status |
K012BI0MP095 | Cohesity DataPlatform | Configuration Management | Domain name configuration |
K012BI0MP135 | Cohesity DataPlatform | Configuration Management | External Application enabled |
K012BI0MP500 | Cohesity DataPlatform | Configuration Management | Non-vulnerable Cohesity version |
K012BI0MP495 | Cohesity DataPlatform | Configuration Management | Support Channel settings |
K012BI0MP470 | Cohesity DataPlatform | Configuration Management | Trusted certificate issuer |
K012BI0MP475 | Cohesity DataPlatform | Configuration Management | Valid certificates used |
K012BI0MP390 | Cohesity DataPlatform | Encryption | Cluster level encryption |
K012BI0MP330 | Cohesity DataPlatform | Encryption | KMIP status |
K012BI0MP205 | Cohesity DataPlatform | Encryption | KMS server configuration |
K012BI0MP300 | Cohesity DataPlatform | Encryption | Replication link encryption |
K012BI0MP320 | Cohesity DataPlatform | Encryption | Secure communication between Cohesity Clusters |
K012BI0MP075 | Cohesity DataPlatform | Encryption | SMTP encryption |
K012BI0MP165 | Cohesity DataPlatform | Encryption | SNMP message privacy |
K012BI0MP145 | Cohesity DataPlatform | Encryption | SNMP privacy algorithm |
K012BI0MP140 | Cohesity DataPlatform | Encryption | SSH ciphers and hash algorithm strength |
K012BI0MP280 | Cohesity DataPlatform | Encryption | Storage domain encryption |
K012BI0MP350 | Cohesity DataPlatform | Encryption | TLS level |
K012BI0MP335 | Cohesity DataPlatform | Encryption | Use of secure LDAP |
K012BI0MP325 | Cohesity DataPlatform | Encryption | Use of self-signed certificates |
K012BI0MP010 | Cohesity DataPlatform | Encryption | Web SSL certificate |
K012BI0MP230 | Cohesity DataPlatform | Malware Protection | Antivirus scan enabled |
K012BI0MP225 | Cohesity DataPlatform | Malware Protection | Antivirus server redundancy |
K012BI0MP535 | Cohesity DataPlatform | Malware Protection | Helios status |
K012BI0MP125 | Cohesity DataPlatform | Malware Protection | Ransomware File Filtration |
K012BI0MP130 | Cohesity DataPlatform | Malware Protection | Vulnerability scanning |
K012BI0MP540 | Cohesity DataPlatform | Monitoring | Alert notification by email |
K012BI0MP545 | Cohesity DataPlatform | Monitoring | Alerting status |
K012BI0MP555 | Cohesity DataPlatform | Monitoring | Backup alerts |
K012BI0MP015 | Cohesity DataPlatform | Monitoring | Email notification rules |
K012BI0MP085 | Cohesity DataPlatform | Monitoring | Email server configuration |
K012BI0MP560 | Cohesity DataPlatform | Monitoring | Ransomware (anomaly) alerts |
K012BI0MP185 | Cohesity DataPlatform | Monitoring | Remote support status |
K012BI0MP020 | Cohesity DataPlatform | Monitoring | SMTP recipients |
K012BI0MP215 | Cohesity DataPlatform | Monitoring | SNMP alerts level |
K012BI0MP090 | Cohesity DataPlatform | Monitoring | SNMP trap host configuration |
K012BI0MP285 | Cohesity DataPlatform | Services and Protocols | Allowed access protocols |
K012BI0MP270 | Cohesity DataPlatform | Services and Protocols | Client NFS access |
K012BI0MP355 | Cohesity DataPlatform | Services and Protocols | HTTP service status |
K012BI0MP180 | Cohesity DataPlatform | Services and Protocols | SNMP Agent Status |
K012BI0MP155 | Cohesity DataPlatform | Services and Protocols | SNMP version enabled |
... and more. |
NOTE: Other than Cohesity DataPlatform, additional security baseline checks should be performed against Cohesity SmartFiles, DataProtect, Cisco UCS and other Cohesity components.
Interested to learn about StorageGuard Security Posture Management for Cohesity DataPlatform?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.