CSCv6|16.14

Title

Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges.

Description

Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges. Audit all access to password files in the system.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure 'Logon Password' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.1.1 Ensure 'Logon Password' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.1 Ensure 'Logon Password' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.3 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.3.10.11 Configure 'Network access: Do not allow storage of passwords and credentials for network authentication'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.15 Set 'Network Security: Configure encryption types allowed for Kerberos' to 'RC4\AES128\AES256\Future types'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.14.1 Configure 'System cryptography: Force strong key protection for user keys stored on the computer'WindowsCIS Windows 8 L1 v1.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v2.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v2.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
1.1.19 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.21 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.2 Ensure that the --basic-auth-file argument is not setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.3 Ensure that the --token-auth-file parameter is not setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.2.4.5.4 Set 'Always prompt for password upon connection' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
18.3.6 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.6 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
18.3.7 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.3.7 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.3.7 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.3.7 Ensure 'WDigest Authentication' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0