CSCv6|16.11

Title

Require multi-factor authentication for all user accounts that have access to sensitive data or systems.

Description

Require multi-factor authentication for all user accounts that have access to sensitive data or systems. Multi-factor authentication can be achieved using smart cards, certificates, One Time Password (OTP) tokens, or biometrics.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.16 Set 'Require use of smart cards on fixed data drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.15 Set 'Configure use of smart cards on removable data drives' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.16 Set 'Require use of smart cards on removable data drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.1.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.1.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 2 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Bitlocker
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L2 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.0 BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L2 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L2 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L2 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 L2 Bitlocker v2.3.0
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L2 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L2 + BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1709) v1.4.0 Bitlocker
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 BL
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + BL + NG
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L2 + BL + NG

Detections

Analytics

CSCv6|16.11

Title

Description

Reference Item Details

Audit Items