800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC
2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' (STIG only)WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
2.16.1 - General permissions management - 'no SUID or SGID files exist'UnixCIS AIX 5.3/6.1 L2 v1.1.0
12.10 Find SUID System ExecutablesUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.10 Find SUID System ExecutablesUnixCIS Debian Linux 7 L1 v1.0.0
12.11 Find SGID System ExecutablesUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System ExecutablesUnixCIS Debian Linux 7 L1 v1.0.0
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.7.12 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'WindowsCIS Microsoft Windows Server 2025 v1.0.0 L1 DC