800-53|AC-2(1)

Title

AUTOMATED SYSTEM ACCOUNT MANAGEMENT

Description

The organization employs automated mechanisms to support the management of information system accounts.

Supplemental

The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using telephonic notification to report atypical system account usage.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure single sign-on (SSO) is configured for your account / organization	Snowflake	CIS Snowflake Foundations v1.0.0 L1
1.1 Ensure that Corporate Login Credentials are Used	GCP	CIS Google Cloud Platform v3.0.0 L1
1.1.1 Enable 'aaa new-model'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.1.1 Enable 'aaa new-model'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.1 Enable 'aaa new-model'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.1.1.1 Configure AAA Authentication - TACACS if applicable	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.1.1.1 TACACS+	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
1.1.1.2 Configure AAA Authentication - Local SSH keys	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.1.1.2 RADIUS	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
1.1.1.3 Configure AAA Authentication - RADIUS if applicable	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.1.2 Enable 'aaa authentication login'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.2 Enable 'aaa authentication login'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.1.2 Enable 'aaa authentication login'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.1.2.1 console authentication	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.2.1 vty line authentication	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.1.2.2 vty line authentication	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.3 Enable 'aaa authentication enable default'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.1.3 Enable 'aaa authentication enable default'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.1.3 Enable 'aaa authentication enable default'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.4 Set 'login authentication for 'line con 0'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.4 Set 'login authentication for 'line vty'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.1.4 Set 'login authentication for 'line vty'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.1.4.1 exec accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.2 command accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.3 network accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.4 system accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.5 Ensure 'Password Policy' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.1.5 Local users, groups and tasks	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
1.1.5 Set 'login authentication for 'ip http'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.1.5 Set 'login authentication for 'ip http'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.1.5 Set 'login authentication for 'line tty'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.6 Set 'login authentication for 'line vty'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.1.7 Set 'aaa accounting connection'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.7 Set 'aaa accounting connection'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting connection'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles)	Snowflake	CIS Snowflake Foundations v1.0.0 L2
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.7.4 Configure NTP Authentication	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0
18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS

Detections

Analytics