800-53|IA-2(1)

Title

NETWORK ACCESS TO PRIVILEGED ACCOUNTS

Description

The information system implements multifactor authentication for network access to privileged accounts.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.8.1 Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.21 Ensure that the --kubelet-certificate-authority argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - certificate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - key	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.30 Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v3.0.0 L1
1.2.1 Set the 'hostname'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.2 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.2.2 Set 'transport input ssh' for 'line vty' connections	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts	GCP	CIS Google Cloud Platform v3.0.0 L2
1.4 Ensure multi-factor authentication (MFA) is turned on for all human users with password-based authentication	Snowflake	CIS Snowflake Foundations v1.0.0 L1
1.5 Ensure MFA is enabled for the 'root' user account	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.5.1 Ensure 'V3' is selected for SNMP polling	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.5.7 Set 'priv' for each 'snmp-server group' using SNMPv3	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
1.5.8 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.6 Ensure hardware MFA is enabled for the 'root' user account	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0
1.6.2 Log all Successful and Failed Administrative Logins	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
2.1 Ensure Authentication is configured	Windows	CIS MongoDB 3.6 L1 Windows Audit v1.1.0
2.1 Ensure Authentication is configured	Unix	CIS MongoDB 7 L1 OS Linux v1.0.0
2.1 Ensure Authentication is configured	Unix	CIS MongoDB 4 L1 OS Linux v1.0.0
18.9.15.2 (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.59.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.59.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.59.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.59.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.59.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.10.15.5 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.15.5 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.15.5 Ensure 'Enable OneSettings Auditing' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.15.5 Ensure 'Enable OneSettings Auditing' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC

Detections

Analytics

800-53|IA-2(1)

Title

Description

Reference Item Details

Audit Items