Detections
Analytics

800-53|AC-6(7)

Title

REVIEW OF USER PRIVILEGES

Description

The organization:

Supplemental

The need for certain assigned user privileges may change over time reflecting changes in organizational missions/business function, environments of operation, technologies, or threat. Periodic review of assigned user privileges is necessary to determine if the rationale for assigning such privileges remains valid. If the need cannot be revalidated, organizations take appropriate corrective actions.

Reference Item Details

Related: CA-7

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.4.1 Configure 'Allow log on through Remote Desktop Services'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.2 Set 'Deny log on through Remote Desktop Services' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.3 Set 'Deny access to this computer from the network' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.4 Set 'Create a pagefile' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.5 Set 'Create permanent shared objects' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.6 Set 'Increase scheduling priority' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.7 Set 'Access this computer from the network' to 'Users, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.8 Set 'Force shutdown from a remote system' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.9 Set 'Change the time zone' to 'LOCAL SERVICE, Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.11 Set 'Enable computer and user accounts to be trusted for delegation' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.12 Set 'Profile single process' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.13 Set 'Shut down the system' to 'Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.14 Set 'Take ownership of files or other objects' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.15 Set 'Create symbolic links' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.16 Set 'Act as part of the operating system' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.17 Set 'Modify firmware environment values' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.18 Set 'Back up files and directories' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.19 Debug programs = AdministratorsWindowsCIS Windows 8 L1 v1.0.0
1.1.4.20 Set 'Access Credential Manager as a trusted caller' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.21 Set 'Deny log on locally' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.22 Set 'Profile system performance' to 'NT SERVICE\WdiServiceHost,Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.23 Set 'Restore files and directories' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.24 Set 'Perform volume maintenance tasks' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.26 Configure 'Log on as a batch job'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.27 Set 'Adjust memory quotas for a process' to 'Administrators, Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.28 Set 'Manage auditing and security log' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.29 Set 'Deny log on as a batch job' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.30 Set 'Bypass traverse checking' to 'Users, NETWORK SERVICE, LOCAL SERVICE, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.31 Set 'Increase a process working set' to 'Administrators, Local Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.32 Set 'Change the system time' to 'LOCAL SERVICE, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.33 Configure 'Deny log on as a service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.34 Configure 'Log on as a service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.35 Set 'Generate security audits' to 'Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.36 Set 'Allow log on locally' to 'Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.37 Set 'Lock pages in memory' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.38 Set 'Load and unload device drivers' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.39 Configure 'Remove computer from docking station'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.40 Set 'Replace a process level token' to 'Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.41 Set 'Create a token object' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.42 Set 'Modify an object label' to 'No one'WindowsCIS Windows 8 L1 v1.0.0
1.04 Windows Oracle Account - 'Deny Log on Locally Right'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1
1.10 Windows Oracle Registry Key Permissions - 'Verify and set permissions'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 2.0.0
1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L2
1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1