800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' (STIG only)	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
2.16.1 - General permissions management - 'no SUID or SGID files exist'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
12.10 Find SUID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.10 Find SUID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
12.11 Find SGID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC

Detections

Analytics