800-53|AC-14a.

Title

PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

Description

Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2 - AirWatch - Enable 'Password'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L1
1.1.2 - AirWatch - Enable Passcode Lock - 'Passcode Required = true'	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.2 - AirWatch - Enable Passcode Lock - 'Passcode Required = true'	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.2 - MobileIron - Enable 'Password'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L1
1.1.2 - MobileIron - Enable Passcode Lock - 'Passcode Required = on'	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L1
1.1.2 - MobileIron - Enable Passcode Lock - 'Passcode Required = on'	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L1
1.2 Ensure 'Screen Lock' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.2 Ensure 'Screen Lock' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.2 Ensure 'Screen Lock' is set to Enabled	MDM	AirWatch - CIS Google Android 7 v1.0.0 L1
1.2 Ensure 'Screen Lock' is set to Enabled	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
1.3 Configure SSH - Check if IgnoreRhosts is set to yes and not commented for server.	Unix	CIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsAuthentication is set to no and not commented for server.	Unix	CIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsRSAAuthentication is set to no and not commented for server.	Unix	CIS Solaris 9 v1.3
2.1.1 - AirWatch - Enable 'Require password'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L1
2.1.1 - MobileIron - Enable 'Require password'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L1
2.2.1 - AirWatch - Require passcode on device	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L1
2.2.1 - AirWatch - Require passcode on device	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L1
2.2.1 - MobileIron - Require passcode on device	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L1
2.2.1 - MobileIron - Require passcode on device	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L1
2.2.6 - Configuring SSH - ignore .shosts and .rhosts - 'IgnoreRhosts = yes'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
2.2.8 - Configuring SSH - disallow host based authentication - 'HostbasedAuthentication = no'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
3.1.1 - AirWatch - Enable 'Require password'	MDM	AirWatch - CIS Apple iOS 8 v1.0.0 L1
3.1.1 - AirWatch - Enable 'Require password'	MDM	AirWatch - CIS Apple iOS 9 v1.0.0 L1
3.1.1 - MobileIron - Enable 'Require password'	MDM	MobileIron - CIS Apple iOS 9 v1.0.0 L1
3.1.1 - MobileIron - Enable 'Require password'	MDM	MobileIron - CIS Apple iOS 8 v1.0.0 L1
4.03 init.ora - 'remote_os_authent = FALSE'	Unix	CIS v1.1.0 Oracle 11g OS L1
5.2.6 Ensure SSH IgnoreRhosts is enabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.6 Ensure SSH IgnoreRhosts is enabled	Unix	CIS Amazon Linux v2.1.0 L1
5.2.6 Ensure SSH IgnoreRhosts is enabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.7 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Amazon Linux v2.1.0 L1
5.2.7 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.7 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.8 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Debian Family Server L1 v1.0.0
5.2.8 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Debian Family Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Debian 9 Server L1 v1.0.1
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Aliyun Linux 2 L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Debian 9 Workstation L1 v1.0.1
5.2.11 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
5.2.23 Ensure RSA rhosts authentication is not allowed	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
5.3.10 Ensure SSH HostbasedAuthentication is disabled	Unix	CIS CentOS 6 Server L1 v3.0.0
5.12 Disable ability to login to another user's active and locked session	Unix	CIS Apple macOS 10.13 L1 v1.1.0

Detections

Analytics

800-53|AC-14a.

Title

Description

Reference Item Details

Audit Items