800-53|AC-14a.

Title

PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

Description

Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2 - AirWatch - Enable 'Password'MDMAirWatch - CIS Google Android 4 v1.0.0 L1
1.1.2 - AirWatch - Enable Passcode Lock - 'Passcode Required = true'MDMAirWatch - CIS Apple iOS 9 v1.0.0 L1
1.1.2 - AirWatch - Enable Passcode Lock - 'Passcode Required = true'MDMAirWatch - CIS Apple iOS 8 v1.0.0 L1
1.1.2 - MobileIron - Enable 'Password'MDMMobileIron - CIS Google Android 4 v1.0.0 L1
1.1.2 - MobileIron - Enable Passcode Lock - 'Passcode Required = on'MDMMobileIron - CIS Apple iOS 9 v1.0.0 L1
1.1.2 - MobileIron - Enable Passcode Lock - 'Passcode Required = on'MDMMobileIron - CIS Apple iOS 8 v1.0.0 L1
1.2 Ensure 'Screen Lock' is set to 'Enabled'MDMMobileIron - CIS Google Android v1.3.0 L1
1.2 Ensure 'Screen Lock' is set to 'Enabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.2 Ensure 'Screen Lock' is set to EnabledMDMAirWatch - CIS Google Android 7 v1.0.0 L1
1.2 Ensure 'Screen Lock' is set to EnabledMDMMobileIron - CIS Google Android 7 v1.0.0 L1
1.3 Configure SSH - Check if IgnoreRhosts is set to yes and not commented for server.UnixCIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsAuthentication is set to no and not commented for server.UnixCIS Solaris 9 v1.3
1.3 Configure SSH - Check if RhostsRSAAuthentication is set to no and not commented for server.UnixCIS Solaris 9 v1.3
2.1.1 - AirWatch - Enable 'Require password'MDMAirWatch - CIS Google Android 4 v1.0.0 L1
2.1.1 - MobileIron - Enable 'Require password'MDMMobileIron - CIS Google Android 4 v1.0.0 L1
2.2.1 - AirWatch - Require passcode on deviceMDMAirWatch - CIS Apple iOS 9 v1.0.0 L1
2.2.1 - AirWatch - Require passcode on deviceMDMAirWatch - CIS Apple iOS 8 v1.0.0 L1
2.2.1 - MobileIron - Require passcode on deviceMDMMobileIron - CIS Apple iOS 9 v1.0.0 L1
2.2.1 - MobileIron - Require passcode on deviceMDMMobileIron - CIS Apple iOS 8 v1.0.0 L1
2.2.6 - Configuring SSH - ignore .shosts and .rhosts - 'IgnoreRhosts = yes'UnixCIS AIX 5.3/6.1 L1 v1.1.0
2.2.8 - Configuring SSH - disallow host based authentication - 'HostbasedAuthentication = no'UnixCIS AIX 5.3/6.1 L2 v1.1.0
3.1.1 - AirWatch - Enable 'Require password'MDMAirWatch - CIS Apple iOS 9 v1.0.0 L1
3.1.1 - AirWatch - Enable 'Require password'MDMAirWatch - CIS Apple iOS 8 v1.0.0 L1
3.1.1 - MobileIron - Enable 'Require password'MDMMobileIron - CIS Apple iOS 9 v1.0.0 L1
3.1.1 - MobileIron - Enable 'Require password'MDMMobileIron - CIS Apple iOS 8 v1.0.0 L1
4.2.11 Ensure SSH IgnoreRhosts is enabledUnixCIS Amazon Linux 2023 Server L1 v1.0.0
4.03 init.ora - 'remote_os_authent = FALSE'UnixCIS v1.1.0 Oracle 11g OS L1
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.6 Ensure SSH IgnoreRhosts is enabledUnixCIS Amazon Linux v2.1.0 L1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Amazon Linux v2.1.0 L1
5.2.7 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.8 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian Family Server L1 v1.0.0
5.2.8 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian Family Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 9 Workstation L1 v1.0.1
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Distribution Independent Linux Server L1 v2.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Aliyun Linux 2 L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Fedora 19 Family Linux Server L1 v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Debian 9 Server L1 v1.0.1
5.2.9 Ensure SSH HostbasedAuthentication is disabledUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
5.2.11 Ensure SSH HostbasedAuthentication is disabledUnixCIS Amazon Linux 2 STIG v1.0.0 L1
5.2.23 Ensure RSA rhosts authentication is not allowedUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.12 Disable ability to login to another user's active and locked sessionUnixCIS Apple macOS 10.13 L1 v1.1.0