CSCv7|16.13

Title

Alert on Account Login Behavior Deviation

Description

Alert when users deviate from normal login behavior, such as time-of-day, workstation location and duration.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v3.0.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v3.0.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
17.5.3 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v3.0.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v3.0.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS