Detections
Analytics

CSCv6|16.9

Title

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP.

Description

Configure access for all accounts through a centralized point of authentication, for example Active Directory or LDAP. Configure network and security devices for centralized authentication as well.

Reference Item Details

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.1 Enable 'aaa new-model'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.2 Enable 'aaa authentication login'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.3 Enable 'aaa authentication enable default'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.3.11.12 Set 'Network Security: Allow PKU2U authentication requeststo this computer to use online identities' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.4 Set 'login authentication for 'line con 0'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.4 Set 'login authentication for 'line con 0'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.4 Set 'login authentication for 'line con 0'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.4 Set 'login authentication for 'line con 0'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.4 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.1.4 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.1.5 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.5 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.5 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.5 Set 'login authentication for 'line tty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.5 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.2
1.1.6 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.1.6 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.1.6 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.1.6 Set 'login authentication for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.1.8 Set 'aaa accounting connection'CiscoCIS Cisco IOS 15 L2 v4.1.0
1.1.8 Set 'aaa accounting connection'CiscoCIS Cisco IOS 16 L2 v1.1.2
1.1.8 Set 'aaa accounting connection'CiscoCIS Cisco IOS 15 L2 v4.0.1
1.1.9 Set 'aaa accounting connection'CiscoCIS Cisco IOS 16 L2 v1.1.0
1.1.9 Set 'aaa accounting connection'CiscoCIS Cisco IOS 16 L2 v1.1.1
1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.3.2.6 Set 'Enumerate local users on domain-joined computers' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth ProviderWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth ProviderWindowsCIS Microsoft SharePoint 2016 OS v1.0.0
1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication ProviderWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
1.12 Ensure credentials unused for 90 days or greater are disabledamazon_awsCIS Amazon Web Services Foundations L1 1.3.0
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed - Admpwd.Dll existsWindowsCIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installedWindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0