800-53|AC-17(4)

Title

PRIVILEGED COMMANDS / ACCESS

Description

The organization:

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-6

Category: ACCESS CONTROL

Parent Title: REMOTE ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Enable SSH (PermitRootLogin)	Unix	CIS FreeBSD v1.0.5
1.2.2.1.1 Configure 'Offer Remote Assistance'	Windows	CIS Windows 2003 MS v3.1.0
1.2.2.1.1 Configure 'Offer Remote Assistance'	Windows	CIS Windows 2003 DC v3.1.0
1.2.2.1.2 Configure 'Solicited Remote Assistance'	Windows	CIS Windows 2003 MS v3.1.0
1.2.2.1.2 Configure 'Solicited Remote Assistance'	Windows	CIS Windows 2003 DC v3.1.0
1.2.3.4.1 Set 'Configure Solicited Remote Assistance' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.3.4.2 Set 'Configure Offer Remote Assistance' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.1 Set 'Disallow Digest authentication' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.3 Set 'Allow Basic authentication' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.3 Configure SSH - Check if PermitRootLogin is set to no and not commented for server.	Unix	CIS Solaris 9 v1.3
1.12.4 Offer Remote Assistance	Windows	CIS Windows 2008 SSLF v1.2.0
1.12.4 Offer Remote Assistance	Windows	CIS Windows 2008 Enterprise v1.2.0
1.12.5 Solicited Remote Assistance	Windows	CIS Windows 2008 SSLF v1.2.0
1.12.5 Solicited Remote Assistance	Windows	CIS Windows 2008 Enterprise v1.2.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 DC L1 v2.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.1.0
18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 DC L1 v2.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.5.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.5.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.5.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.5.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Windows Server 2012 DC L1 v2.1.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0

Detections

Analytics

800-53|AC-17(4)

Title

Description

Reference Item Details

Audit Items