CSCv7|16.3

Title

Require Multi-factor Authentication

Description

Require multi-factor authentication for all user accounts, on all systems, whether managed onsite or by a third-party provider.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.3.0
1.1.2 Ensure multifactor authentication is enabled for all users in administrative roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v2.0.0
1.1.2 Ensure multifactor authentication is enabled for all users in all roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.5.0
1.1.2 Ensure multifactor authentication is enabled for all users in all roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.4.0
1.1.2 Ensure multifactor authentication is enabled for all users in all roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.3.0
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.1.3 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v2.0.0
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.4 Ensure multifactor authentication is enabled for all users	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v2.0.0
1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users.	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users.	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.16 Ensure the option to remain signed in is hidden	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.5.0
1.1.16 Ensure the option to stay signed in is disabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.4.0
1.1.19 Ensure the option to remain signed in is hidden	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v2.0.0
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.3.0
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v2.0.0
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v1.3.0 L1
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v2.0.0 L1
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v3.0.0 L1
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - List Users	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Assignments	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Definitions	microsoft_azure	CIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-service accounts	GCP	CIS Google Cloud Platform v1.1.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.10 Ensure required packages for multifactor authentication are installed	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed - esc	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3

Detections

Analytics

CSCv7|16.3

Title

Description

Reference Item Details

Audit Items