800-53|IA-5c.

Title

AUTHENTICATOR MANAGEMENT

Description

Ensuring that authenticators have sufficient strength of mechanism for their intended use;

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 11g R2 DB v2.2.0
1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM'WindowsCIS Windows 8 L1 v1.0.0
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always' - Enabled: AlwaysWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG