CSCv7|16.13

Title

Alert on Account Login Behavior Deviation

Description

Alert when users deviate from normal login behavior, such as time-of-day, workstation location and duration.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v3.0.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v3.0.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logoff' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1