CSCv6|16.14

Title

Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges.

Description

Verify that all authentication files are encrypted or hashed and that these files cannot be accessed without root or administrator privileges. Audit all access to password files in the system.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.0.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall ASA 8 L1 v4.1.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.1.1.3.3 Set 'Store passwords using reversible encryption' to 'Disabled'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.1.3.3 Set 'Store passwords using reversible encryption' to 'Disabled'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.2.1.80 Set 'Network access: Do not allow storage of credentials or .NET Passports for network authentication' to 'Enabled'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.2.1.80 Set 'Network access: Do not allow storage of credentials or .NET Passports for network authentication' to 'Enabled'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall ASA 8 L1 v4.1.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.0.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.2 Ensure that the --basic-auth-file argument is not set	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.2 Ensure that the --basic-auth-file argument is not set	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.2 Ensure that the --basic-auth-file argument is not set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.2 Ensure that the --basic-auth-file argument is not set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.3 Ensure that the --basic-auth-file argument is not set	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.3.10.11 Configure 'Network access: Do not allow storage of passwords and credentials for network authentication'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.11.15 Set 'Network Security: Configure encryption types allowed for Kerberos' to 'RC4\AES128\AES256\Future types'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.14.1 Configure 'System cryptography: Force strong key protection for user keys stored on the computer'	Windows	CIS Windows 8 L1 v1.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.1.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + NG
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + NG
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + NG
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
1.1.19 Ensure that the --token-auth-file parameter is not set	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not set	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.20 Ensure that the --token-auth-file parameter is not set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.21 Ensure that the --token-auth-file parameter is not set	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1

Detections

Analytics

CSCv6|16.14

Title

Description

Reference Item Details

Audit Items