800-53|AC-2(1)

Title

AUTOMATED SYSTEM ACCOUNT MANAGEMENT

Description

The organization employs automated mechanisms to support the management of information system accounts.

Supplemental

The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using telephonic notification to report atypical system account usage.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure single sign-on (SSO) is configured for your account / organizationSnowflakeCIS Snowflake Foundations v1.0.0 L1
1.1 Ensure that Corporate Login Credentials are UsedGCPCIS Google Cloud Platform v3.0.0 L1
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.1.1.1 Configure AAA Authentication - TACACS if applicableCiscoCIS Cisco NX-OS L1 v1.1.0
1.1.1.1 TACACS+CiscoCIS Cisco IOS XR 7.x v1.0.0 L2
1.1.1.2 Configure AAA Authentication - Local SSH keysCiscoCIS Cisco NX-OS L1 v1.1.0
1.1.1.2 RADIUSCiscoCIS Cisco IOS XR 7.x v1.0.0 L2
1.1.1.3 Configure AAA Authentication - RADIUS if applicableCiscoCIS Cisco NX-OS L1 v1.1.0
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.1.2.1 console authenticationCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.2.1 vty line authenticationCiscoCIS Cisco NX-OS L1 v1.1.0
1.1.2.2 vty line authenticationCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.1.4 Set 'login authentication for 'line con 0'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.4 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.1.4 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.1.4.1 exec accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.2 command accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.3 network accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.4 system accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.5 Ensure 'Password Policy' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.1.5 Local users, groups and tasksCiscoCIS Cisco IOS XR 7.x v1.0.0 L2
1.1.5 Set 'login authentication for 'ip http'CiscoCIS Cisco IOS XE 16.x v2.1.0 L1
1.1.5 Set 'login authentication for 'ip http'CiscoCIS Cisco IOS XE 17.x v2.1.0 L1
1.1.5 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.6 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.1.7 Set 'aaa accounting connection'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.7 Set 'aaa accounting connection'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting connection'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles)SnowflakeCIS Snowflake Foundations v1.0.0 L2
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabledPalo_AltoCIS Palo Alto Firewall 10 v1.2.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabledPalo_AltoCIS Palo Alto Firewall 11 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.6.1 Ensure 'SSH source restriction' is set to an authorized IP addressCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.7.4 Configure NTP AuthenticationCiscoCIS Cisco NX-OS L2 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.21 Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environmentsamazon_awsCIS Amazon Web Services Foundations L2 3.0.0
18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS