800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.46 UBTU-24-200580	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.177 UBTU-22-654230	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.205 OL08-00-030000	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.227 WN10-SO-000260	Windows	CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.228 WN10-SO-000265	Windows	CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.244 WN16-SO-000470	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.244 WN16-SO-000470	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.246 WN19-SO-000390	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.246 WN19-SO-000390	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.246 WN22-SO-000390	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.246 WN22-SO-000390	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.247 WN16-SO-000500	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.247 WN16-SO-000500	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.248 WN16-SO-000510	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.248 WN16-SO-000510	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.249 WN19-SO-000420	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.249 WN19-SO-000420	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.249 WN22-SO-000420	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.249 WN22-SO-000420	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.250 WN19-SO-000430	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.250 WN19-SO-000430	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.250 WN22-SO-000430	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.250 WN22-SO-000430	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.392 RHEL-09-654010	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
12.10 Find SUID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.10 Find SUID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
12.11 Find SGID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.7.10 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v4.0.0 L1 DC
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Stand-alone v4.0.0 L1
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v4.0.0 L1 DC
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2019 v4.0.0 L1 MS
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG
18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2016 v4.0.0 L1 MS

Detections

Analytics