800-53|AC-2(12)

Title

ACCOUNT MONITORING / ATYPICAL USAGE

Description

The organization:

Supplemental

Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations.

Reference Item Details

Related: CA-7

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L2 v1.0.0
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L1 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
4.1.10 Ensure session initiation information is collected - /var/log/btmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/log/wtmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - /var/run/utmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
4.1.10 Ensure session initiation information is collected - auditctl /var/log/wtmpUnixCIS Amazon Linux 2 STIG v1.0.0 L2
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1