800-53|AC-17(4)

Title

PRIVILEGED COMMANDS / ACCESS

Description

The organization:

Reference Item Details

Related: AC-6

Category: ACCESS CONTROL

Parent Title: REMOTE ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Enable SSH (PermitRootLogin)UnixCIS FreeBSD v1.0.5
1.2.3.4.1 Set 'Configure Solicited Remote Assistance' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.4.2 Set 'Configure Offer Remote Assistance' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.6.1 Set 'Disallow Digest authentication' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.6.3 Set 'Allow Basic authentication' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.3 Configure SSH - Check if PermitRootLogin is set to no and not commented for server.UnixCIS Solaris 9 v1.3
2.2.2 - Configuring SSH - disabling direct root access - 'PermitRootLogin = no'UnixCIS AIX 5.3/6.1 L1 v1.1.0
5.2.8 Ensure SSH root login is disabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.8 Ensure SSH root login is disabledUnixCIS Amazon Linux v2.1.0 L1
5.2.8 Ensure SSH root login is disabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.3.10 Ensure SSH root login is disabledUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.3.10 Ensure SSH root login is disabledUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.8 Set DCUI.Access to allow trusted users to override lockdown modeVMwareCIS VMware ESXi 5.1 v1.0.1 Level 1
5.9 Set DCUI.Access to allow trusted users to override lockdown modeVMwareCIS VMware ESXi 5.5 v1.2.0 Level 1
6.1.9 Disable SSH root Login - Check if PermitRootLogin is set to no and not commented for the server.UnixCIS Solaris 10 L1 v5.2
6.6 Disable root login for SSHUnixCIS Solaris 11.2 L1 v1.1.0
6.6 Disable root login for SSH - PermitRootLogin = noUnixCIS Solaris 11 L1 v1.1.0
6.6 Disable root login for SSH - PermitRootLogin = noUnixCIS Solaris 11.1 L1 v1.0.0
9.3.8 Disable SSH Root LoginUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
9.3.8 Disable SSH Root LoginUnixCIS Debian Linux 7 L1 v1.0.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - ClientWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - ClientWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - ServiceWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - ServiceWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v2.4.0
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server v2004 MS v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server 1903 MS v1.19.9
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows 11 v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server v1909 DC v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server 1903 DC v1.19.9
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server v1909 MS v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server 2022 v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server 2016 DC v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows 10 1903 v1.19.9
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows 11 v22H2 v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows 10 v22H2 v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows 11 v23H2 v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT MSCT Windows Server 2022 DC v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server 2016 MS v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server v20H2 DC v1.0.0
Allow Basic authentication - Client - AllowBasicWindowsMSCT Windows Server v2004 DC v1.0.0