CSCv6|5.1

Title

Minimize administrative privileges and only use administrative accounts when they are required.

Description

Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0 |
| 1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0 |
| 1.1.2.1 Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.1.3 Set 'Accounts: Administrator account status' to 'Disabled'. | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.1.4 Configure 'Accounts: Rename administrator account' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.1 Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.3 Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.4 Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3.17.10 Set 'User Account Control: Run all administrators in Admin Approval Mode' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.4 Set 'Create a pagefile' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.5 Set 'Create permanent shared objects' to 'No One' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.6 Set 'Increase scheduling priority' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.8 Set 'Force shutdown from a remote system' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.9 Set 'Change the time zone' to 'LOCAL SERVICE, Administrators, Users' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.11 Set 'Enable computer and user accounts to be trusted for delegation' to 'No One' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.12 Set 'Profile single process' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.13 Set 'Shut down the system' to 'Administrators, Users' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.14 Set 'Take ownership of files or other objects' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.15 Set 'Create symbolic links' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.16 Set 'Act as part of the operating system' to 'No One' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.17 Set 'Modify firmware environment values' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.18 Set 'Back up files and directories' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.19 Debug programs = Administrators | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.20 Set 'Access Credential Manager as a trusted caller' to 'No One' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.22 Set 'Profile system performance' to 'NT SERVICE\WdiServiceHost,Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.23 Set 'Restore files and directories' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.24 Set 'Perform volume maintenance tasks' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.26 Configure 'Log on as a batch job' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.27 Set 'Adjust memory quotas for a process' to 'Administrators, Local Service, Network Service' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.28 Set 'Manage auditing and security log' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.32 Set 'Change the system time' to 'LOCAL SERVICE, Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.34 Configure 'Log on as a service' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.38 Set 'Load and unload device drivers' to 'Administrators' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4.41 Set 'Create a token object' to 'No One' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.12 Ensure that the admission control policy is set to SecurityContextDeny | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.14 Ensure that the admission control policy is set to SecurityContextDeny | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |