800-53|IA-5c.

Title

AUTHENTICATOR MANAGEMENT

Description

Ensuring that authenticators have sufficient strength of mechanism for their intended use;

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure All Default Passwords Are Changed	OracleDB	CIS Oracle Server 11g R2 DB v2.2.0
1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM'	Windows	CIS Windows 8 L1 v1.0.0
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.14 Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.15 Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'	Windows	CIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.2.16 Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.13.1 (L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.10.13.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'	Windows	CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS

Detections

Analytics

800-53|IA-5c.

Title

Description

Reference Item Details

Audit Items