800-53|IA-5(6)

Title

PROTECTION OF AUTHENTICATORS

Description

The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.

Supplemental

For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.11 Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM'WindowsCIS Windows 8 L1 v1.0.0
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.11.2 - Permissions and Ownership - '/etc/group root:security 644'UnixCIS AIX 5.3/6.1 L1 v1.1.0
2.11.3 - Permissions and Ownership - '/etc/passwd root:security 644'UnixCIS AIX 5.3/6.1 L1 v1.1.0
3.2 Disable NTLM v1WindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
3.2 Disable NTLM v1UnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
3.3 Disable NTLM v1WindowsCIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
3.3 Disable NTLM v1UnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
6.1.2 Ensure permissions on /etc/passwd are configuredUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.2 Ensure permissions on /etc/passwd are configuredUnixCIS Amazon Linux v2.1.0 L1
6.1.2 Ensure permissions on /etc/passwd are configuredUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configuredUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configuredUnixCIS Amazon Linux v2.1.0 L1
6.1.3 Ensure permissions on /etc/shadow are configuredUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.4 Ensure permissions on /etc/group are configuredUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.4 Ensure permissions on /etc/group are configuredUnixCIS Amazon Linux v2.1.0 L1
6.1.4 Ensure permissions on /etc/group are configuredUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.5 Ensure permissions on /etc/gshadow are configuredUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.5 Ensure permissions on /etc/gshadow are configuredUnixCIS Amazon Linux v2.1.0 L1
6.1.5 Ensure permissions on /etc/gshadow are configuredUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.2 Verify passwd, master.passwd, and group file permissions (/etc/group)UnixCIS FreeBSD v1.0.5
6.2 Verify passwd, master.passwd, and group file permissions (/etc/passwd)UnixCIS FreeBSD v1.0.5
6.3 Verify /etc/group File PermissionsUnixCIS Solaris 9 v1.3
6.3 Verify /etc/passwd File PermissionsUnixCIS Solaris 9 v1.3
6.3 Verify /etc/shadow File PermissionsUnixCIS Solaris 9 v1.3
9.2 Verify System File Permissions - /etc/passwd File Permissions.UnixCIS Solaris 10 L1 v5.2
9.2 Verify System File Permissions - /etc/shadow File Permissions.UnixCIS Solaris 10 L1 v5.2
12.1 Verify Permissions on /etc/passwdUnixCIS Debian Linux 7 L1 v1.0.0
12.1 Verify Permissions on /etc/passwdUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.2 Verify Permissions on /etc/shadowUnixCIS Debian Linux 7 L1 v1.0.0
12.2 Verify Permissions on /etc/shadowUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.3 Verify Permissions on /etc/groupUnixCIS Debian Linux 7 L1 v1.0.0
12.3 Verify Permissions on /etc/groupUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwdUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwdUnixCIS Debian Linux 7 L1 v1.0.0
12.5 Verify User/Group Ownership on /etc/shadowUnixCIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/groupUnixCIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/groupUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
18.10.55.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
Allow Basic authentication for HTTPWindowsMSCT Edge v98 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v114 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v88 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v89 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v90 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v91 v1.0.0
Allow Basic authentication for HTTPWindowsMSCT Edge v127 v1.0.0