800-53|AC-6(1)

Title

AUTHORIZE ACCESS TO SECURITY FUNCTIONS

Description

The organization explicitly authorizes access to [Assignment: organization-defined security functions (deployed in hardware, software, and firmware) and security-relevant information].

Supplemental

Security functions include, for example, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. Security-relevant information includes, for example, filtering rules for routers/firewalls, cryptographic key management information, configuration parameters for security services, and access control lists. Explicitly authorized personnel include, for example, security administrators, system and network administrators, system security officers, system maintenance personnel, system programmers, and other privileged users.

Reference Item Details

Related: AC-17,AC-18,AC-19

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1 Default Install Files - 'iisadmpwd' Check if exist | Windows | CIS IIS 6.0 v1.0.0
1.1.3 Ensure nodev option set on /tmp partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.3 Ensure nodev option set on /tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.3.17.4 Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent' | Windows | CIS Windows 8 L1 v1.0.0
1.1.4 Ensure nosuid option set on /tmp partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.4 Ensure nosuid option set on /tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.6 Ensure /dev/shm is configured | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.1.6 Ensure /dev/shm is configured | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.1.7 Ensure nodev option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.1.7 Ensure nodev option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.1.7 Ensure nodev option set on /var/tmp partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.7 Ensure nodev option set on /var/tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.8 Ensure nosuid option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.1.8 Ensure nosuid option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.1.8 Ensure nosuid option set on /var/tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.8 Ensure nosuid option set on /var/tmp partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.9 Ensure noexec option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0
1.1.9 Ensure noexec option set on /dev/shm partition | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0
1.1.9 Ensure noexec option set on /var/tmp partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.9 Ensure noexec option set on /var/tmp partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.13 Ensure nodev option set on /home partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.13 Ensure nodev option set on /home partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.14 Ensure nodev option set on /dev/shm partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.14 Ensure nodev option set on /dev/shm partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.15 Ensure nodev option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
1.1.15 Ensure nodev option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
1.1.15 Ensure nodev option set on /dev/shm partition | Unix | CIS Amazon Linux 2 v1.0.0 L1
1.1.15 Ensure nosuid option set on /dev/shm partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.15 Ensure nosuid option set on /dev/shm partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.16 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 8 Workstation L1 v2.0.1
1.1.16 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 8 Server L1 v2.0.1
1.1.16 Ensure nosuid option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
1.1.16 Ensure nosuid option set on /dev/shm partition | Unix | CIS Amazon Linux 2 v1.0.0 L1
1.1.16 Ensure nosuid option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
1.1.17 Ensure noexec option set on /dev/shm partition | Unix | CIS Amazon Linux 2 v1.0.0 L1
1.1.17 Ensure noexec option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
1.1.17 Ensure noexec option set on /dev/shm partition | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
1.2.8 Ensure that the --authorization-mode argument includes RBAC | Unix | CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBAC | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBAC | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.19 Ensure that the healthz endpoint is protected by RBAC | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1
1.14 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groups | amazon_aws | CIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
1.16 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L1
1.17 Ensure a support role has been created to manage incidents with AWS Support | amazon_aws | CIS Amazon Web Services Foundations L1 1.3.0
1.17 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
1.18 Ensure IAM instance roles are used for AWS resource access from instances | amazon_aws | CIS Amazon Web Services Foundations L2 3.0.0
1.18 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2
1.19 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v2.1.0 L2