800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.2.1.1 Set 'Domain controller: Allow server operators to schedule tasks' to 'Disabled'	Windows	CIS Windows 2003 DC v3.1.0
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.7.4 User Account Control: Detect application installations and prompt for elevation	Windows	CIS Windows 2008 Enterprise v1.2.0
1.7.4 User Account Control: Detect application installations and prompt for elevation	Windows	CIS Windows 2008 SSLF v1.2.0
1.7.5 User Account Control: Only elevate UIAccess applications that are installed in secure locations	Windows	CIS Windows 2008 SSLF v1.2.0
1.7.5 User Account Control: Only elevate UIAccess applications that are installed in secure locations	Windows	CIS Windows 2008 Enterprise v1.2.0
1.7.9 User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop	Windows	CIS Windows 2008 Enterprise v1.2.0
1.7.9 User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop	Windows	CIS Windows 2008 SSLF v1.2.0
1.9.18 Domain controller: Allow server operators to schedule tasks - Domain Controller	Windows	CIS Windows 2008 SSLF v1.2.0
1.9.18 Domain controller: Allow server operators to schedule tasks - Domain Controller	Windows	CIS Windows 2008 Enterprise v1.2.0
1.9.18 Domain controller: Allow server operators to schedule tasks - Member Server	Windows	CIS Windows 2008 Enterprise v1.2.0
1.9.18 Domain controller: Allow server operators to schedule tasks - Member Server	Windows	CIS Windows 2008 SSLF v1.2.0
12.10 Find SUID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
12.10 Find SUID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0

Detections

Analytics