800-53|AC-14a.

Title

PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

Description

Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3 Configure SSH - Check if IgnoreRhosts is set to yes and not commented for server.UnixCIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsAuthentication is set to no and not commented for server.UnixCIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsRSAAuthentication is set to no and not commented for server.UnixCIS Solaris 9 v1.3
2.2.6 - Configuring SSH - ignore .shosts and .rhosts - 'IgnoreRhosts = yes'UnixCIS AIX 5.3/6.1 L1 v1.1.0
2.2.8 - Configuring SSH - disallow host based authentication - 'HostbasedAuthentication = no'UnixCIS AIX 5.3/6.1 L2 v1.1.0
4.03 init.ora - 'remote_os_authent = FALSE'UnixCIS v1.1.0 Oracle 11g OS L1
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Amazon Linux v2.1.0 L1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Amazon Linux v2.1.0 L1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.8 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian Family Server L1 v1.0.0
5.2.8 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian Family Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 10 Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 10 Server L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Distribution Independent Linux Server L1 v2.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 9 Workstation L1 v1.0.1
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 9 Server L1 v1.0.1
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 28 Family Linux Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 28 Family Linux Server L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Aliyun Linux 2 L1 v1.0.0
5.2.11 Ensure SSH HostbasedAuthentication is disabledUnixCIS Amazon Linux 2 STIG v1.0.0 L1
5.2.23 Ensure RSA rhosts authentication is not allowedUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.2.25 Ensure SSH setting for 'IgnoreUserKnownHosts' is enabled - IgnoreUserKnownHosts is enabled.UnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS CentOS 6 Server L1 v3.0.0
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS Red Hat 6 Workstation L1 v3.0.0
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS Oracle Linux 6 Server L1 v2.0.0
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS Red Hat 6 Server L1 v3.0.0
5.3.10 Ensure SSH HostbasedAuthentication is disabledUnixCIS CentOS 6 Workstation L1 v3.0.0
5.8 Disable automatic loginUnixCIS Apple macOS 10.13 L1 v1.1.0
5.8 Disable automatic loginUnixCIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.8 Disable automatic loginUnixCIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.8 Disable automatic loginUnixCIS Apple OSX 10.9 L1 v1.3.0
5.9 Disable automatic loginUnixCIS Apple macOS 10.12 L1 v1.2.0
5.12 Disable ability to login to another user's active and locked sessionUnixCIS Apple macOS 10.13 L1 v1.1.0
6.1.6 Set SSH IgnoreRhosts to yes - Check if IgnoreRhosts is set to yes and not commented for the server.UnixCIS Solaris 10 L1 v5.2
6.1.7 Set SSH RhostsAuthentication to no - Check if RhostsAuthentication is set to no and not commented for the server.UnixCIS Solaris 10 L1 v5.2
6.1.8 Set SSH RhostsRSAAuthentication to no - Check if RhostsRSAAuthentication is set to no and not commented for the server.UnixCIS Solaris 10 L1 v5.2
6.11 Remove Autologin Capabilities from the GNOME desktopUnixCIS Solaris 11 L1 v1.1.0
6.11 Remove Autologin Capabilities from the GNOME desktop - pam.confUnixCIS Solaris 11.2 L1 v1.1.0
6.11 Remove Autologin Capabilities from the GNOME desktop - pam.confUnixCIS Solaris 11.1 L1 v1.0.0
6.11 Remove Autologin Capabilities from the GNOME desktop - pam.d/gdm-autologinUnixCIS Solaris 11.2 L1 v1.1.0
6.11 Remove Autologin Capabilities from the GNOME desktop - pam.d/gdm-autologinUnixCIS Solaris 11.1 L1 v1.0.0