800-53|IA-5(1)(c)

Title

PASSWORD-BASED AUTHENTICATION

Description

Stores and transmits only cryptographically-protected passwords;

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.2.3 Ensure 'Authentication with Exchange server.' is set to 'Enabled:Kerberos/NTLM Password Authentication'WindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.3 Ensure 'Authentication with Exchange server.' is set to 'Enabled:Kerberos/NTLM Password Authentication'WindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.3 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.19 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.21 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2 Password Security Policy - d) Check either of the following words exist in configuration fileZTE_ROSNGTenable ZTE ROSNG
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'CiscoCIS Cisco IOS 17 L1 v1.0.0
1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.4 SNMP Security - a) SNMP Community SecurityZTE_ROSNGTenable ZTE ROSNG
1.4 Verify that 'MYSQL_PWD' Is Not SetUnixCIS MySQL 5.7 Enterprise Linux OS L1 v1.0.0
1.4 Verify That the MYSQL_PWD Environment Variables Is Not In UseWindowsCIS MySQL 5.7 Windows OS L1 v1.0.0
1.4 Verify That the MYSQL_PWD Environment Variables Is Not In UseUnixCIS MySQL 5.7 Linux OS L1 v1.0.0
1.4 Verify That the MYSQL_PWD Environment Variables Is Not In UseUnixCIS MySQL 5.6 Enterprise Linux OS L1 v1.1.0
1.4 Verify That the MYSQL_PWD Environment Variables Is Not In UseUnixCIS MySQL 5.6 Linux OS L1 v1.1.0
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.4.2 Enable 'service password-encryption'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.4.3 Set 'username secret' for all local usersCiscoCIS Cisco IOS 12 L1 v4.0.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' ProfilesWindowsCIS MySQL 5.7 Windows OS L1 v1.0.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profileUnixCIS MySQL 5.6 Enterprise Linux OS L1 v1.1.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profileUnixCIS MySQL 5.7 Linux OS L1 v1.0.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profileUnixCIS MySQL 5.6 Linux OS L1 v1.1.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrcUnixCIS MySQL 5.6 Enterprise Linux OS L1 v1.1.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrcUnixCIS MySQL 5.7 Linux OS L1 v1.0.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrcUnixCIS MySQL 5.6 Linux OS L1 v1.1.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profileUnixCIS MySQL 5.6 Enterprise Linux OS L1 v1.1.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profileUnixCIS MySQL 5.7 Linux OS L1 v1.0.0
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profileUnixCIS MySQL 5.6 Linux OS L1 v1.1.0
1.9 Set 'Configure login authentication for POP3' to 'SecureLogin'WindowsCIS Microsoft Exchange Server 2013 CAS v1.1.0
1.9 Set 'Configure login authentication for POP3' to 'SecureLogin'WindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
1.15 Set 'Configure login authentication for IMAP4' to 'SecureLogin'WindowsCIS Microsoft Exchange Server 2013 CAS v1.1.0
1.15 Set 'Configure login authentication for IMAP4' to 'SecureLogin'WindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 MS L2 v1.3.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 DC L2 v1.3.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L2 DC
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L2 MS
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
2.6 Ensure transport layer security for 'basic authentication' is configuredWindowsCIS IIS 7 L1 v1.8.0
2.6 Ensure transport layer security for 'basic authentication' is configuredWindowsCIS IIS 8.0 v1.5.0 Level 1
2.7 Ensure 'passwordFormat' is not set to clear - ApplicationsWindowsCIS IIS 10 v1.1.1 Level 1