CSCv6|16.4

Title

Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Description

Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.2 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.48 Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.8.1 Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.8.2 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.11.17 Configure 'Network security: Force logoff when logon hours expire'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.6.4 Set 'Disallow WinRM from storing RunAs credentials' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.10 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.11 Set 'transport input none' for 'line aux 0'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device managementPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCiscoCIS Cisco Firewall v8.x L1 v4.2.0
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1
10.04 Grid Control TimeOut Value - 'Configure an appropriate value for Grid Control Timeout Value in the Oracle Application Server'UnixCIS v1.1.0 Oracle 11g OS L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0