800-53|IA-5(6)

Title

PROTECTION OF AUTHENTICATORS

Description

The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.

Supplemental

For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

Name | Plugin | Audit Name
1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.11.11 Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM' | Windows | CIS Windows 8 L1 v1.0.0
1.132 WN16-CC-000430 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.132 WN16-CC-000430 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.133 WN19-CC-000400 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.133 WN19-CC-000400 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.133 WN22-CC-000400 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.133 WN22-CC-000400 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.162 WN10-CC-000300 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.216 WN10-SO-000195 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT I
1.217 WN10-SO-000205 | Windows | CIS Microsoft Windows 10 STIG v1.0.0 CAT I
1.235 WN16-SO-000360 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.235 WN16-SO-000360 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT I
1.236 WN16-SO-000380 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT I
1.236 WN16-SO-000380 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.237 WN19-SO-000300 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I
1.237 WN19-SO-000300 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.237 WN22-SO-000300 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT I
1.237 WN22-SO-000300 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
1.238 WN19-SO-000310 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.238 WN19-SO-000310 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I
1.238 WN22-SO-000310 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT I
1.238 WN22-SO-000310 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
2.11.2 - Permissions and Ownership - '/etc/group root:security 644' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0
2.11.3 - Permissions and Ownership - '/etc/passwd root:security 644' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0
3.2 Disable NTLM v1 | Windows | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
3.2 Disable NTLM v1 | Unix | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
3.3 Disable NTLM v1 | Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0
3.3 Disable NTLM v1 | Unix | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
6.1.2 Ensure permissions on /etc/passwd are configured | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
6.1.2 Ensure permissions on /etc/passwd are configured | Unix | CIS Amazon Linux v2.1.0 L1
6.1.2 Ensure permissions on /etc/passwd are configured | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configured | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.1.3 Ensure permissions on /etc/shadow are configured | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
12.1 Verify Permissions on /etc/passwd | Unix | CIS Debian Linux 7 L1 v1.0.0
12.1 Verify Permissions on /etc/passwd | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.2 Verify Permissions on /etc/shadow | Unix | CIS Debian Linux 7 L1 v1.0.0
12.2 Verify Permissions on /etc/shadow | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.3 Verify Permissions on /etc/group | Unix | CIS Debian Linux 7 L1 v1.0.0
12.3 Verify Permissions on /etc/group | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwd | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
12.4 Verify User/Group Ownership on /etc/passwd | Unix | CIS Debian Linux 7 L1 v1.0.0
12.5 Verify User/Group Ownership on /etc/shadow | Unix | CIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/group | Unix | CIS Debian Linux 7 L1 v1.0.0
12.6 Verify User/Group Ownership on /etc/group | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
18.10.55.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1