800-53|AC-2(1)

Title

AUTOMATED SYSTEM ACCOUNT MANAGEMENT

Description

The organization employs automated mechanisms to support the management of information system accounts.

Supplemental

The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using telephonic notification to report atypical system account usage.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.1.1 Enable 'aaa new-model' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.1.2 Enable 'aaa authentication login' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.1.3 Enable 'aaa authentication enable default' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.1.8 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles) | Snowflake | CIS Snowflake Foundations v1.0.0 L2
1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.1.6 Key chains | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L2
2.2 Ensure Basic Registry and Quick Start security Registry are Removed | Unix | CIS IBM WebSphere Liberty v1.0.0 L1
2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.3 Ensure 'DNS Guard' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2022 Database L1 DB v1.1.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2016 Database L1 DB v1.4.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2017 Database L1 DB v1.3.0
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.1.2 Service account token authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.1.3 Bootstrap token authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2016 Database L1 DB v1.4.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2017 Database L1 DB v1.3.0
3.4 Ensure SQL Authentication is not used in contained databases | MS_SQLDB | CIS SQL Server 2022 Database L1 DB v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
5.3.2.1.1 Ensure password failed attempts lockout is configured | Unix | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server
5.11 DB2CHGPWD_EEE Registry Variable | Windows | CIS IBM DB2 11 v1.1.0 Windows OS Level 1
5.11 DB2CHGPWD_EEE Registry Variable | Unix | CIS IBM DB2 11 v1.1.0 Linux OS Level 1