CSCv7|16.7

Title

Establish Process for Revoking Access

Description

Establish and follow an automated process for revoking system access by disabling accounts immediately upon termination or change of responsibilities of an employee or contractor . Disabling these accounts, instead of deleting accounts, allows preservation of audit trails.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.11 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.0.0
2.2.11 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.0.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
3.1.1 Client certificate authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
3.1.2 Service account token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
3.1.2 Service account token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
3.1.2 Service account token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
3.1.3 Bootstrap token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
3.1.3 Bootstrap token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
3.1.3 Bootstrap token authentication should not be used for users	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	OracleDB	CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.0.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.0.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.4 Ensure that Storage Account Access Keys are Periodically Regenerated	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
3.4 Ensure that Storage Account Access Keys are Periodically Regenerated	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
3.12 (L1) Host must lock an account after a specified number of failed login attempts	VMware	CIS VMware ESXi 8.0 v1.1.0 L1

Detections

Analytics

CSCv7|16.7

Title

Description

Reference Item Details

Audit Items