CSCv6|16.9

Title

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP.

Description

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP. Configure network and security devices for centralized authentication as well.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

Name | Plugin | Audit Name
1.1.3.11.12 Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.4 Set 'login authentication for 'line tty' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.2.6 Set 'Enumerate local users on domain-joined computers' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication Provider | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2012 Database L1 DB v1.6.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | MS_SQLDB | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' - Windows Authentication mode | MS_SQLDB | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' - Windows Authentication mode | MS_SQLDB | CIS SQL Server 2014 Database L1 DB v1.5.0
4.2 Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2016 farm | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
4.2 Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2019 farm | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | Unix | CIS Amazon Linux v2.1.0 L1
6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
6.2.2 Ensure no legacy "+" entries exist in /etc/passwd | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
6.2.2 Ensure no legacy "+" entries exist in /etc/passwd | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Red Hat 6 Workstation L1 v3.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS CentOS 6 Workstation L1 v3.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS CentOS 6 Server L1 v3.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Oracle Linux 6 Server L1 v2.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Red Hat 6 Server L1 v3.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0
6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | Unix | CIS Amazon Linux v2.1.0 L1
6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | Unix | CIS Debian 8 Workstation L1 v2.0.2
6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | Unix | CIS Debian 8 Server L1 v2.0.2
6.2.3 Ensure no legacy "+" entries exist in /etc/shadow | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
6.2.3 Ensure no legacy "+" entries exist in /etc/shadow | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
6.2.4 Ensure no legacy '+' entries exist in /etc/group | Unix | CIS Amazon Linux v2.1.0 L1
6.2.4 Ensure no legacy '+' entries exist in /etc/group | Unix | CIS Debian 8 Server L1 v2.0.2
6.2.4 Ensure no legacy "+" entries exist in /etc/group | Unix | CIS Distribution Independent Linux Server L1 v2.0.0
6.2.4 Ensure no legacy "+" entries exist in /etc/group | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0
6.2.20 Ensure shadow group is empty | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
6.2.20 Ensure shadow group is empty | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.8.28.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.28.3 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.6.1 (L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker