CSCv6|16.1

Title

Review all system accounts and disable any account that cannot be associated with a business process and owner.

Description

Review all system accounts and disable any account that cannot be associated with a business process and owner.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2.25 Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2.36 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2.50 Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.1.2 Configure 'Accounts: Rename guest account'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.1.5 Set 'Accounts: Guest account status' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
10.5 Lock Inactive User Accounts	Unix	CIS Debian Linux 7 L1 v1.0.0
10.5 Lock Inactive User Accounts	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Windows Server 2012 MS L1 v2.1.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Windows 7 Workstation Level 1 v3.1.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Microsoft Windows 8.1 L1 v2.3.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
17.5.2 Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Windows Server 2012 DC L1 v2.1.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.5.3 (L1) Ensure 'Audit Logoff' is set to 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG

Detections

Analytics

CSCv6|16.1

Title

Description

Reference Item Details

Audit Items