800-53|IA-5(6)

Title

PROTECTION OF AUTHENTICATORS

Description

The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.

Supplemental

For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.11.11 Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM'	Windows	CIS Windows 8 L1 v1.0.0
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
2.11.2 - Permissions and Ownership - '/etc/group root:security 644'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
2.11.3 - Permissions and Ownership - '/etc/passwd root:security 644'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
3.2 Disable NTLM v1	Windows	CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
3.2 Disable NTLM v1	Unix	CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
3.3 Disable NTLM v1	Windows	CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
3.3 Disable NTLM v1	Unix	CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
6.1.2 Ensure permissions on /etc/passwd are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.2 Ensure permissions on /etc/passwd are configured	Unix	CIS Amazon Linux v2.1.0 L1
6.1.2 Ensure permissions on /etc/passwd are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configured	Unix	CIS Amazon Linux v2.1.0 L1
6.1.3 Ensure permissions on /etc/shadow are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.4 Ensure permissions on /etc/group are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.4 Ensure permissions on /etc/group are configured	Unix	CIS Amazon Linux v2.1.0 L1
6.1.4 Ensure permissions on /etc/group are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.5 Ensure permissions on /etc/gshadow are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.5 Ensure permissions on /etc/gshadow are configured	Unix	CIS Amazon Linux v2.1.0 L1
6.1.5 Ensure permissions on /etc/gshadow are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.2 Verify passwd, master.passwd, and group file permissions (/etc/group)	Unix	CIS FreeBSD v1.0.5
6.2 Verify passwd, master.passwd, and group file permissions (/etc/passwd)	Unix	CIS FreeBSD v1.0.5
6.3 Verify /etc/group File Permissions	Unix	CIS Solaris 9 v1.3
6.3 Verify /etc/passwd File Permissions	Unix	CIS Solaris 9 v1.3
6.3 Verify /etc/shadow File Permissions	Unix	CIS Solaris 9 v1.3
9.2 Verify System File Permissions - /etc/passwd File Permissions.	Unix	CIS Solaris 10 L1 v5.2
9.2 Verify System File Permissions - /etc/shadow File Permissions.	Unix	CIS Solaris 10 L1 v5.2
12.1 Verify Permissions on /etc/passwd	Unix	CIS Debian Linux 7 L1 v1.0.0
12.1 Verify Permissions on /etc/passwd	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.2 Verify Permissions on /etc/shadow	Unix	CIS Debian Linux 7 L1 v1.0.0
12.2 Verify Permissions on /etc/shadow	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.3 Verify Permissions on /etc/group	Unix	CIS Debian Linux 7 L1 v1.0.0
12.3 Verify Permissions on /etc/group	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwd	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwd	Unix	CIS Debian Linux 7 L1 v1.0.0
12.5 Verify User/Group Ownership on /etc/shadow	Unix	CIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/group	Unix	CIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/group	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
18.10.55.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
Allow Basic authentication for HTTP	Windows	MSCT Edge v98 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v114 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v88 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v89 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v90 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v91 v1.0.0
Allow Basic authentication for HTTP	Windows	MSCT Edge v117 v1.0.0

Detections

Analytics