cassandra-hardened
CIS Cassandra
CIS Cassandra Compliance
Scan Date
Image Tag
Checks
CIS Apache Cassandra 5.0 Benchmark v1.1.0
Ensure a separate user and group exist for Cassandra
Ensure the latest version of Java is installed
Ensure the latest version of Python is installed
Ensure latest version of Cassandra is installed
Ensure the Cassandra service is run as a non-root user
Ensure that authentication is enabled for Cassandra databases
Ensure that authorization is enabled for Cassandra databases
Ensure that Cassandra is run using a non-privileged, dedicated service account
Ensure that data center authorizations is activated
Ensure that logging is enabled
Ensure that auditing is enabled
Additional Sections (Runtime benchmarks)
Additional sections involve runtime checks and other configurations that are out of scope for the image level. Their compliance must be configured and validated by operators in the deployed environment. The Minimus cassandra-hardened image is CIS-aligned and provides secure defaults with the required configuration hooks to implement these controls.
Section 1.6 involves time synchronization which is managed by the host or orchestration layer and inherited by the container.
Sections 3.1-3.3, 3.7-3.8 are runtime benchmarks that depend on deployment-specific inputs which cannot be controlled by Minimus.
Section 3.5 involves network binding which is determined at container startup and depends on the deployment configuration.
Sections 5.1-5.2 involve inter-node encryption and client encryption which depend on operator-provided certificates, cluster configuration and TLS configuration.