800-53|IA-5c.

Title

AUTHENTICATOR MANAGEMENT

Description

Ensuring that authenticators have sufficient strength of mechanism for their intended use;

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 11g R2 DB v2.2.0
1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM'WindowsCIS Windows 8 L1 v1.0.0
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS