800-53|AC-2(1)

Title

AUTOMATED SYSTEM ACCOUNT MANAGEMENT

Description

The organization employs automated mechanisms to support the management of information system accounts.

Supplemental

The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using telephonic notification to report atypical system account usage.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure that Corporate Login Credentials are Used | GCP | CIS Google Cloud Platform v3.0.0 L1 |
| 1.1.1 Enable 'aaa new-model' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.1.1 Enable 'aaa new-model' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.1 Enable 'aaa new-model' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.1.1.1 Configure AAA Authentication - TACACS if applicable | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.1.1.1 TACACS+ | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L2 |
| 1.1.1.2 Configure AAA Authentication - Local SSH keys | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.1.1.2 RADIUS | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L2 |
| 1.1.1.3 Configure AAA Authentication - RADIUS if applicable | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.1.2 Enable 'aaa authentication login' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.2 Enable 'aaa authentication login' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.1.2 Enable 'aaa authentication login' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.1.2.1 console authentication | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.2.1 vty line authentication | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.1.2.2 vty line authentication | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.3 Enable 'aaa authentication enable default' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.1.3 Enable 'aaa authentication enable default' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.1.3 Enable 'aaa authentication enable default' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.4 Set 'login authentication for 'line con 0' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.4 Set 'login authentication for 'line vty' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.1.4 Set 'login authentication for 'line vty' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.1.4.1 exec accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.2 command accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.3 network accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.4 system accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.5 Ensure 'Password Policy' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.1.5 Local users, groups and tasks | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L2 |
| 1.1.5 Set 'login authentication for 'ip http' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1 |
| 1.1.5 Set 'login authentication for 'ip http' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1 |
| 1.1.5 Set 'login authentication for 'line tty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.6 Set 'login authentication for 'line vty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.1.7 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L2 |
| 1.1.7 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2 |
| 1.1.8 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.1 Ensure Trusted Locations Are Defined | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.10 Ensure 'User consent for applications' is set to 'Do not allow user consent' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1 |
| 1.11 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2 |
| 1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.13 Ensure That 'Users Can Register Applications' Is Set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1 |
| 1.14 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1 |