800-53|AC-2(12)

Title

ACCOUNT MONITORING / ATYPICAL USAGE

Description

The organization:

Supplemental

Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations.

Reference Item Details

Related: CA-7

Category: ACCESS CONTROL

Parent Title: ACCOUNT MANAGEMENT

Family: ACCESS CONTROL

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L2 v1.0.0
1.5.2 Log all Successful and Failed Administrative LoginsCiscoCIS Cisco NX-OS L1 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.1.3 Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.1.3 Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.1.3 Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0