800-53|IA-2(2)

Title

NETWORK ACCESS TO NON-PRIVILEGED ACCOUNTS

Description

The information system implements multifactor authentication for network access to non-privileged accounts.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.1 Ensure that multi-factor authentication is enabled for all privileged users | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1
1.1.2 Ensure multifactor authentication is enabled for all users in all roles | microsoft_azure | CIS Microsoft 365 Foundations E3 L2 v1.4.0
1.1.3.10.2 Set 'Network access: Allow anonymous SID/Name translation' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.6 Enable Conditional Access policies to block legacy authentication | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.8 Enable Azure AD Identity Protection sign-in risk policies | microsoft_azure | CIS Microsoft 365 Foundations E5 L2 v1.4.0
1.2 Ensure modern authentication for Exchange Online is enabled | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - List Users | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Assignments | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Definitions | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.2.2 Set 'transport input ssh' for 'line vty' connections | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.3 Ensure modern authentication for Skype for Business Online is enabled | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.4 Ensure modern authentication for SharePoint applications is required | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.5 Ensure MFA is enabled for the 'root' user account | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
1.5 Ensure that 'Number of methods required to reset' is set to '2' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1
1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | Cisco | CIS Cisco IOS 17 L2 v1.0.0
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | Cisco | CIS Cisco IOS 17 L2 v1.0.0
1.6 Ensure hardware MFA is enabled for the 'root' user account | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 BL