Detections
Analytics

CSCv6|5.8

Title

Administrators should be required to access a system using a fully logged and non-administrative account.

Description

Administrators should be required to access a system using a fully logged and non-administrative account. Then, once logged on to the machine without administrative privileges, the administrator should transition to administrative privileges using tools such as Sudo on Linux/UNIX, RunAs on Windows, and other similar facilities for other types of systems.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.44 Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'WindowsCIS Windows 8 L1 v1.0.0
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 16 L1 v1.1.1
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Windows Server 2012 MS L1 v2.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Windows Server 2012 DC L1 v2.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows 8.1 L1 v2.3.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Windows 7 Workstation Level 1 v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
17.5.5 Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 R2 DC L1 v2.4.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 R2 MS L1 v2.4.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.5.6 (L1) Ensure 'Audit Special Logon' is set to 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
17.5.6 (L1) Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.2.0
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.2.0
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1