Detections
Analytics

800-53|AC-2(12)

Title

ACCOUNT MONITORING / ATYPICAL USAGE

Description

The organization:

Supplemental

Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations.

Reference Item Details

Related: CA-7

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1