CSCv7|16.3

Title

Require Multi-factor Authentication

Description

Require multi-factor authentication for all user accounts, on all systems, whether managed onsite or by a third-party provider.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v3.0.0 L1
1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts	GCP	CIS Google Cloud Platform v3.0.0 L2
1.4 Ensure multi-factor authentication (MFA) is turned on for all human users with password-based authentication	Snowflake	CIS Snowflake Foundations v1.0.0 L1
1.8.8 Ensure users must authenticate users using MFA via a graphical user logon	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed - esc	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.9.1.12 (L1) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.10.9.1.13 (L1) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.10.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.10.10.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.10.10.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker

Detections

Analytics

CSCv7|16.3

Title

Description

Reference Item Details

Audit Items