CSCv6|16.4

Title

Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Description

Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2.2 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2.48 Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.8.1 Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.8.2 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.11.17 Configure 'Network security: Force logoff when logon hours expire'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.4 Set 'Disallow WinRM from storing RunAs credentials' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.21 Ensure 'Screen timeout' is set to '1 minute or less'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.21 Ensure 'Screen timeout' is set to '1 minute or less'	MDM	AirWatch - CIS Google Android v1.3.0 L1
2.1 Enable Secure Admin Access - 'autologout.telnet.enable = on'	NetApp	TNS NetApp Data ONTAP 7G
2.1 Enable Secure Admin Access - 'autologout.telnet.timeout <= 5'	NetApp	TNS NetApp Data ONTAP 7G
2.1 Enable Secure Admin Access - 'httpd.timeout <= 300'	NetApp	TNS NetApp Data ONTAP 7G
2.1 Enable Secure Admin Access - 'ssh.idle.timeout <= 60'	NetApp	TNS NetApp Data ONTAP 7G
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'	Unix	CIS v1.1.0 Oracle 11g OS L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.59.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.59.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.59.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'	Windows	CIS Windows 7 Workstation Level 2 v3.2.0
18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'	Windows	CIS Windows 7 Workstation Level 2 v3.2.0
18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.95.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.95.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.95.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.95.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.95.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.95.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.100.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
18.9.100.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0

Detections

Analytics

CSCv6|16.4

Title

Description

Reference Item Details

Audit Items