800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' (STIG only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' (STIG only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.16.1 - General permissions management - 'no SUID or SGID files exist'UnixCIS AIX 5.3/6.1 L2 v1.1.0
12.10 Find SUID System ExecutablesUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.10 Find SUID System ExecutablesUnixCIS Debian Linux 7 L1 v1.0.0
12.11 Find SGID System ExecutablesUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System ExecutablesUnixCIS Debian Linux 7 L1 v1.0.0
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC