CCI|CCI-004895

Title

Permit users to invoke the trusted communications path for communications between the user and the organization-defined security functions, including at a minimum, authentication and re-authentication.

Reference Item Details

Category: 2024

Audit Items

Name | Plugin | Audit Name
AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files. | Unix | DISA STIG AIX 7.x v3r1
AIX7-00-002062 - AIX must remove !authenticate option from sudo config files. | Unix | DISA STIG AIX 7.x v3r1
AIX7-00-002108 - If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication. | Unix | DISA STIG AIX 7.x v3r1
APPL-14-004022 - The macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004060 - The macOS system must configure sudoers timestamp type. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2
CASA-VN-000350 - The Cisco ASA VPN gateway must be configured to renegotiate the IPsec Security Association after eight hours or less. | Cisco | DISA STIG Cisco ASA VPN v2r2
CASA-VN-000360 - The Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less. | Cisco | DISA STIG Cisco ASA VPN v2r2
OL08-00-010381 - OL 8 must require users to reauthenticate for privilege escalation and changing roles. | Unix | DISA Oracle Linux 8 STIG v2r2
PHTN-40-000133 The Photon operating system must require users to reauthenticate for privilege escalation. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation. | Unix | DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-09-432015 - RHEL 9 must require reauthentication when using the 'sudo' command - sudo command. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-611145 - RHEL 9 must not be configured to bypass password requirements for privilege escalation. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges. | Unix | DISA SLES 12 STIG v3r1
SLES-12-010113 - The SUSE operating system must require re-authentication when using the 'sudo' command - sudo command. | Unix | DISA SLES 12 STIG v3r1
SLES-15-010450 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges. | Unix | DISA SLES 15 STIG v2r2
SLES-15-020102 - The SUSE operating system must require reauthentication when using the 'sudo' command - sudo command. | Unix | DISA SLES 15 STIG v2r2
SPLK-CL-000180 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes. | Splunk | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
UBTU-20-010014 - The Ubuntu operating system must require users to reauthenticate for privilege escalation or when changing roles. | Unix | DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-432010 - Ubuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing roles. | Unix | DISA STIG Canonical Ubuntu 22.04 LTS v2r2
VCSA-80-000089 The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity. | VMware | DISA VMware vSphere 8.0 vCenter STIG v2r1
WN10-CC-000145 - Users must be prompted for a password on resume from sleep (on battery). | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000150 - The user must be prompted for a password on resume from sleep (plugged in). | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000270 - Passwords must not be saved in the Remote Desktop Client. | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000280 - Remote Desktop Services must always prompt a client for passwords upon connection. | Windows | DISA Windows 10 STIG v3r2
WN10-CC-000355 - The Windows Remote Management (WinRM) service must not store RunAs credentials. | Windows | DISA Windows 10 STIG v3r2
WN10-SO-000245 - User Account Control approval mode for the built-in Administrator must be enabled. | Windows | DISA Windows 10 STIG v3r2
WN10-SO-000255 - User Account Control must automatically deny elevation requests for standard users. | Windows | DISA Windows 10 STIG v3r2
WN10-SO-000270 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | Windows | DISA Windows 10 STIG v3r2
WN11-CC-000145 - Users must be prompted for a password on resume from sleep (on battery). | Windows | DISA Windows 11 STIG v2r2
WN11-CC-000150 - The user must be prompted for a password on resume from sleep (plugged in). | Windows | DISA Windows 11 STIG v2r2
WN11-CC-000270 - Passwords must not be saved in the Remote Desktop Client. | Windows | DISA Windows 11 STIG v2r2
WN11-CC-000280 - Remote Desktop Services must always prompt a client for passwords upon connection. | Windows | DISA Windows 11 STIG v2r2
WN11-CC-000355 - The Windows Remote Management (WinRM) service must not store RunAs credentials. | Windows | DISA Windows 11 STIG v2r2
WN11-SO-000245 - User Account Control approval mode for the built-in Administrator must be enabled. | Windows | DISA Windows 11 STIG v2r2
WN11-SO-000255 - User Account Control must automatically deny elevation requests for standard users. | Windows | DISA Windows 11 STIG v2r2
WN11-SO-000270 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | Windows | DISA Windows 11 STIG v2r2
WN19-CC-000340 - Windows Server 2019 must not save passwords in the Remote Desktop Client. | Windows | DISA Windows Server 2019 STIG v3r2
WN19-CC-000360 - Windows Server 2019 Remote Desktop Services must always prompt a client for passwords upon connection. | Windows | DISA Windows Server 2019 STIG v3r2
WN19-CC-000520 - Windows Server 2019 Windows Remote Management (WinRM) service must not store RunAs credentials. | Windows | DISA Windows Server 2019 STIG v3r2
WN19-SO-000380 - Windows Server 2019 User Account Control approval mode for the built-in Administrator must be enabled. | Windows | DISA Windows Server 2019 STIG v3r2
WN19-SO-000410 - Windows Server 2019 User Account Control must automatically deny standard user requests for elevation. | Windows | DISA Windows Server 2019 STIG v3r2
WN19-SO-000440 - Windows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | Windows | DISA Windows Server 2019 STIG v3r2
WN22-CC-000340 - Windows Server 2022 must not save passwords in the Remote Desktop Client. | Windows | DISA Windows Server 2022 STIG v2r2
WN22-CC-000360 - Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connection. | Windows | DISA Windows Server 2022 STIG v2r2
WN22-CC-000520 - Windows Server 2022 Windows Remote Management (WinRM) service must not store RunAs credentials. | Windows | DISA Windows Server 2022 STIG v2r2
WN22-SO-000380 - Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must be enabled. | Windows | DISA Windows Server 2022 STIG v2r2
WN22-SO-000410 - Windows Server 2022 User Account Control (UAC) must automatically deny standard user requests for elevation. | Windows | DISA Windows Server 2022 STIG v2r2
WN22-SO-000440 - Windows Server 2022 User Account Control (UAC) must run all administrators in Admin Approval Mode, enabling UAC. | Windows | DISA Windows Server 2022 STIG v2r2