800-53|AC-6(7)

Title

REVIEW OF USER PRIVILEGES

Description

The organization:

Supplemental

The need for certain assigned user privileges may change over time reflecting changes in organizational missions/business function, environments of operation, technologies, or threat. Periodic review of assigned user privileges is necessary to determine if the rationale for assigning such privileges remains valid. If the need cannot be revalidated, organizations take appropriate corrective actions.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CA-7

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following list	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following list	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.1 Configure 'Allow log on through Remote Desktop Services'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.2 Set 'Deny log on through Remote Desktop Services' to 'Guests'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.3 Set 'Deny access to this computer from the network' to 'Guests'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.4 Set 'Create a pagefile' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.5 Set 'Create permanent shared objects' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.6 Set 'Increase scheduling priority' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.7 Set 'Access this computer from the network' to 'Users, Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.8 Set 'Force shutdown from a remote system' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.9 Set 'Change the time zone' to 'LOCAL SERVICE, Administrators, Users'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.11 Set 'Enable computer and user accounts to be trusted for delegation' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.12 Set 'Profile single process' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.13 Set 'Shut down the system' to 'Administrators, Users'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.14 Set 'Take ownership of files or other objects' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.15 Set 'Create symbolic links' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.16 Set 'Act as part of the operating system' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.17 Set 'Modify firmware environment values' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.18 Set 'Back up files and directories' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.19 Debug programs = Administrators	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.20 Set 'Access Credential Manager as a trusted caller' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.21 Set 'Deny log on locally' to 'Guests'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.22 Set 'Profile system performance' to 'NT SERVICE\WdiServiceHost,Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.23 Set 'Restore files and directories' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.24 Set 'Perform volume maintenance tasks' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.26 Configure 'Log on as a batch job'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.27 Set 'Adjust memory quotas for a process' to 'Administrators, Local Service, Network Service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.28 Set 'Manage auditing and security log' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.29 Set 'Deny log on as a batch job' to 'Guests'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.30 Set 'Bypass traverse checking' to 'Users, NETWORK SERVICE, LOCAL SERVICE, Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.31 Set 'Increase a process working set' to 'Administrators, Local Service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.32 Set 'Change the system time' to 'LOCAL SERVICE, Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.33 Configure 'Deny log on as a service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.34 Configure 'Log on as a service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.35 Set 'Generate security audits' to 'Local Service, Network Service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.36 Set 'Allow log on locally' to 'Administrators, Users'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.37 Set 'Lock pages in memory' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.38 Set 'Load and unload device drivers' to 'Administrators'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.39 Configure 'Remove computer from docking station'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.40 Set 'Replace a process level token' to 'Local Service, Network Service'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.41 Set 'Create a token object' to 'No One'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4.42 Set 'Modify an object label' to 'No one'	Windows	CIS Windows 8 L1 v1.0.0
1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles)	Snowflake	CIS Snowflake Foundations v1.0.0 L2
1.2 Set permissions on local-settings.js	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
1.04 Windows Oracle Account - 'Deny Log on Locally Right'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
1.10 Windows Oracle Registry Key Permissions - 'Verify and set permissions'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.18 Ensure IAM instance roles are used for AWS resource access from instances	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0

Detections

Analytics