CSCv6|16.9

Title

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP.

Description

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP. Configure network and security devices for centralized authentication as well.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.11.12 Set 'Network Security: Allow PKU2U authentication requeststo this computer to use online identities' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.4 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.1.5 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.1.8 Set 'aaa accounting connection'CiscoCIS Cisco IOS 16 L2 v1.1.2
1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.2.6 Set 'Enumerate local users on domain-joined computers' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth ProviderWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication ProviderWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed - DllNameWindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed - DllNameWindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed - DllNameWindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed - DllNameWindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.8.28.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.28.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.8.28.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
18.8.28.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.8.28.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
18.8.28.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.8.28.3 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.28.3 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.8.28.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' (MS only)WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.8.28.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' (MS only)WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0