800-53|AC-6(7)(b)

Title

REVIEW OF USER PRIVILEGES

Description

Reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs.

Reference Item Details

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following listWindowsCIS Windows 8 L1 v1.0.0
1.1.4.1 Configure 'Allow log on through Remote Desktop Services'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.2 Set 'Deny log on through Remote Desktop Services' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.3 Set 'Deny access to this computer from the network' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.4 Set 'Create a pagefile' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.5 Set 'Create permanent shared objects' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.6 Set 'Increase scheduling priority' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.7 Set 'Access this computer from the network' to 'Users, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.8 Set 'Force shutdown from a remote system' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.9 Set 'Change the time zone' to 'LOCAL SERVICE, Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.11 Set 'Enable computer and user accounts to be trusted for delegation' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.12 Set 'Profile single process' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.13 Set 'Shut down the system' to 'Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.14 Set 'Take ownership of files or other objects' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.15 Set 'Create symbolic links' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.16 Set 'Act as part of the operating system' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.17 Set 'Modify firmware environment values' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.18 Set 'Back up files and directories' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.19 Debug programs = AdministratorsWindowsCIS Windows 8 L1 v1.0.0
1.1.4.20 Set 'Access Credential Manager as a trusted caller' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.21 Set 'Deny log on locally' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.22 Set 'Profile system performance' to 'NT SERVICE\WdiServiceHost,Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.23 Set 'Restore files and directories' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.24 Set 'Perform volume maintenance tasks' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.26 Configure 'Log on as a batch job'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.27 Set 'Adjust memory quotas for a process' to 'Administrators, Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.28 Set 'Manage auditing and security log' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.29 Set 'Deny log on as a batch job' to 'Guests'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.30 Set 'Bypass traverse checking' to 'Users, NETWORK SERVICE, LOCAL SERVICE, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.31 Set 'Increase a process working set' to 'Administrators, Local Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.32 Set 'Change the system time' to 'LOCAL SERVICE, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.33 Configure 'Deny log on as a service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.34 Configure 'Log on as a service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.35 Set 'Generate security audits' to 'Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.36 Set 'Allow log on locally' to 'Administrators, Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.37 Set 'Lock pages in memory' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.38 Set 'Load and unload device drivers' to 'Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.39 Configure 'Remove computer from docking station'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.40 Set 'Replace a process level token' to 'Local Service, Network Service'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.41 Set 'Create a token object' to 'No One'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.42 Set 'Modify an object label' to 'No one'WindowsCIS Windows 8 L1 v1.0.0
1.2 Set permissions on local-settings.jsWindowsCIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
1.04 Windows Oracle Account - 'Deny Log on Locally Right'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1
1.5 Disable Interactive LoginWindowsCIS MySQL 5.6 Windows OS L2 v1.1.0
1.5 Disable Interactive LoginWindowsCIS MySQL 5.7 Enterprise Windows OS L2 v1.0.0
1.5 Disable Interactive LoginWindowsCIS MySQL 5.6 Enterprise Windows OS L2 v1.1.0
1.10 Windows Oracle Registry Key Permissions - 'Verify and set permissions'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1