800-53|AC-6(8)

Title

PRIVILEGE LEVELS FOR CODE EXECUTION

Description

The information system prevents [Assignment: organization-defined software] from executing at higher privilege levels than users executing the software.

Supplemental

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
2.16.1 - General permissions management - 'no SUID or SGID files exist'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
12.10 Find SUID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.10 Find SUID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
12.11 Find SGID System Executables	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.11 Find SGID System Executables	Unix	CIS Debian Linux 7 L1 v1.0.0
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.6.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1
18.7.2 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.7.5 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.7.10 Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' - Enabled: Show warning and elevation prompt	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0

Detections

Analytics