Theme

CSCv6|5.8

Title

Administrators should be required to access a system using a fully logged and non-administrative account.

Description

Administrators should be required to access a system using a fully logged and non-administrative account. Then, once logged on to the machine without administrative privileges, the administrator should transition to administrative privileges using tools such as Sudo on Linux/UNIX, RunAs on Windows, and other similar facilities for other types of systems.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2.44 Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'	Windows	CIS Windows 8 L1 v1.0.0
4.1 Ensure sudo is configured correctly	Unix	CIS PostgreSQL 9.6 OS v1.0.0
4.1 Ensure sudo is configured correctly	Unix	CIS PostgreSQL 11 OS v1.0.0
4.1 Ensure sudo is configured correctly	Unix	CIS PostgreSQL 9.5 OS v1.1.0
4.1 Ensure sudo is configured correctly	Unix	CIS PostgreSQL 10 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers	Unix	CIS PostgreSQL 14 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers	Unix	CIS PostgreSQL 13 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers	Unix	CIS PostgreSQL 12 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers.d/postgres	Unix	CIS PostgreSQL 14 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers.d/postgres	Unix	CIS PostgreSQL 13 OS v1.0.0
4.1 Ensure sudo is configured correctly - /etc/sudoers.d/postgres	Unix	CIS PostgreSQL 12 OS v1.0.0
5.2.8 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.8 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.8 Ensure SSH root login is disabled	Unix	CIS Amazon Linux v2.1.0 L1
5.2.10 Ensure SSH root login is disabled	Unix	CIS Debian 8 Server L1 v2.0.2
5.2.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
5.2.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
5.2.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
5.2.10 Ensure SSH root login is disabled	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
5.2.10 Ensure SSH root login is disabled	Unix	CIS Debian 8 Workstation L1 v2.0.2
5.2.10 Ensure SSH root login is disabled	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
5.2.14 Ensure SSH access is limited	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.2.14 Ensure SSH access is limited	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.2.14 Ensure SSH access is limited	Unix	CIS Amazon Linux v2.1.0 L1
5.2.18 Ensure SSH access is limited	Unix	CIS Debian 8 Workstation L1 v2.0.2
5.2.18 Ensure SSH access is limited	Unix	CIS Debian 8 Server L1 v2.0.2
5.2.18 Ensure SSH access is limited	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
5.2.18 Ensure SSH access is limited	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
5.3.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.3.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.1.0
5.3.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v1.1.0
5.3.10 Ensure SSH root login is disabled	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.3.11 Ensure SSH root login is disabled	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
5.3.11 Ensure SSH root login is disabled	Unix	CIS Red Hat 6 Server L1 v3.0.0
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
17.5.6 Ensure 'Audit Special Logon' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.3.1 (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.1 (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1