800-53|AU-9(4)

Title

ACCESS BY SUBSET OF PRIVILEGED USERS

Description

The organization authorizes access to management of audit functionality to only [Assignment: organization-defined subset of privileged users].

Supplemental

Individuals with privileged access to an information system and who are also the subject of an audit by that system, may affect the reliability of audit information by inhibiting audit activities or modifying audit records. This control enhancement requires that privileged access be further defined between audit-related privileges and other privileges, thus limiting the users with audit-related privileges.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-5

Category: AUDIT AND ACCOUNTABILITY

Parent Title: PROTECTION OF AUDIT INFORMATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.8 Ensure that the --authorization-mode argument includes RBAC	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBAC	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBAC	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBAC	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.8 Verify that RBAC is enabled	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.19 Ensure that the healthz endpoint is protected by RBAC	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.3 Ensure that 'Restrict non-admin users from creating tenants' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.3.1 Ensure that controller manager healthz endpoints are protected by RBAC	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.3.3 Ensure that the --use-service-account-credentials argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.3 Ensure that the --use-service-account-credentials argument is set to true	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.3.3 Ensure that the --use-service-account-credentials argument is set to true	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.3.3 Ensure that the --use-service-account-credentials argument is set to true	Unix	CIS Kubernetes Benchmark v1.9.0 L1 Master
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4 Ensure 'application pool identity' is configured for all application pools	Windows	CIS IIS 10 v1.2.1 Level 1
1.4 Ensure Guest Users Are Reviewed on a Regular Basis	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.4.1 Ensure that the healthz endpoints for the scheduler are protected by RBAC	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.9.4 Ensure directory in context.xml is a secure location - configuration	Unix	CIS Apache Tomcat5.5/6.0 L1 v1.0
1.9.6 Ensure directory in logging.properties is a secure location (check log directory location)	Unix	CIS Apache Tomcat5.5/6.0 L1 v1.0
1.9.6 Ensure directory in logging.properties is a secure location (check prefix application name)	Unix	CIS Apache Tomcat5.5/6.0 L1 v1.0
1.14 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.16 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.17 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.18 Ensure IAM instance roles are used for AWS resource access from instances	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0
1.18 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.19 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.20 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.22 Ensure That No Custom Subscription Administrator Roles Exist	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.23 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	Windows	DISA Windows Server 2008 MS STIG v6r46
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	Windows	DISA Windows 7 STIG v1r32
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	Windows	DISA Windows Server 2008 DC STIG v6r47
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	Windows	DISA Windows Server 2008 MS STIG v6r46
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	Windows	DISA Windows Server 2008 DC STIG v6r47
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	Windows	DISA Windows Server 2008 DC STIG v6r47
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	Windows	DISA Windows 7 STIG v1r32
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	Windows	DISA Windows Server 2008 MS STIG v6r46
2.001 - Permissions for event logs must conform to minimum requirements.	Windows	DISA Windows 7 STIG v1r32
2.1 Ensure that IP addresses are mapped to usernames	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L2
11.1 Ensure SELinux Is Enabled in Enforcing Mode - config	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
11.1 Ensure SELinux Is Enabled in Enforcing Mode - config	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
11.1 Ensure SELinux Is Enabled in Enforcing Mode - current	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
11.1 Ensure SELinux Is Enabled in Enforcing Mode - current	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware

Detections

Analytics