800-53|AC-6(3)

Title

NETWORK ACCESS TO PRIVILEGED COMMANDS

Description

The organization authorizes network access to [Assignment: organization-defined privileged commands] only for [Assignment: organization-defined compelling operational needs] and documents the rationale for such access in the security plan for the information system.

Supplemental

Network access is any access across a network connection in lieu of local access (i.e., user being physically present at the device).

Reference Item Details

Related: AC-17

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4.16 Set 'Allow Remote Shell Access' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
5.5 Ensure root login is restricted to system consoleUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.5 Ensure root login is restricted to system consoleUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
5.5 Ensure root login is restricted to system consoleUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
5.5 Ensure root login is restricted to system consoleUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.10 Restrict root Login to System Console - Check if 'CONSOLE' in /etc/default/login is set to /dev/console.UnixCIS Solaris 10 L1 v5.2
6.14 Restrict root Login to System Console - CONSOLE = /dev/consoleUnixCIS Solaris 11.1 L1 v1.0.0
6.14 Restrict root Login to System Console - CONSOLE = /dev/consoleUnixCIS Solaris 11 L1 v1.1.0
6.14 Restrict root Login to System Console - CONSOLE = /dev/consoleUnixCIS Solaris 11.2 L1 v1.1.0
9.1 Check for Remote ConsolesUnixCIS Solaris 11 L1 v1.1.0
9.1 Check for Remote ConsolesUnixCIS Solaris 11.1 L1 v1.0.0
9.1 Check for Remote ConsolesUnixCIS Solaris 11.2 L1 v1.1.0
9.1 Check for Remote Consoles using 'consadm' command line utilityUnixCIS Solaris 10 L1 v5.2
9.4 Restrict root Login to System ConsoleUnixCIS Debian Linux 7 L1 v1.0.0
9.4 Restrict root Login to System Console - ReviewUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.2 Restrict access to the web administrationUnixCIS Apache Tomcat 7 L2 v1.1.0
10.2 Restrict access to the web administrationUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
Apply UAC restrictions to local accounts on network logonWindowsMSCT Windows 10 1803 v1.0.0
Apply UAC restrictions to local accounts on network logonWindowsMSCT Windows Server 2016 MS v1.0.0
Apply UAC restrictions to local accounts on network logonWindowsMSCT Windows Server 2012 R2 MS v1.0.0
Apply UAC restrictions to local accounts on network logonWindowsMSCT Windows 10 v1507 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 v22H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server v1909 MS v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 v2004 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server 2022 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server v20H2 MS v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 11 v23H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server v2004 MS v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server 2019 MS v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 1809 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 11 v24H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 1903 v1.19.9
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 v20H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 v21H1 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 v21H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows Server 1903 MS v1.19.9
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 10 1909 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 11 v22H2 v1.0.0
Apply UAC restrictions to local accounts on network logonsWindowsMSCT Windows 11 v1.0.0
Console Authentication RealmCisco_ACITenable Cisco ACI
Default Authentication RealmCisco_ACITenable Cisco ACI
Ensure root login is restricted to system consoleUnixTenable Cisco Firepower Management Center OS Best Practices Audit
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 10 v2004 v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 10 v21H1 v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 10 v21H2 v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 11 v24H2 v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows Server 2016 MS v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 10 1809 v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows Server 2019 MS v1.0.0
Network access: Restrict clients allowed to make remote calls to SAMWindowsMSCT Windows 11 v1.0.0