CSCv7|16.3

Title

Require Multi-factor Authentication

Description

Require multi-factor authentication for all user accounts, on all systems, whether managed onsite or by a third-party provider.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure multifactor authentication is enabled for all users in administrative rolesmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.2 Ensure multifactor authentication is enabled for all users in all rolesmicrosoft_azureCIS Microsoft 365 Foundations E3 L2 v1.4.0
1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users.microsoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.16 Ensure the option to stay signed in is disabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L2 v1.4.0
1.2 Ensure modern authentication for Exchange Online is enabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - List Usersmicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Assignmentsmicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Definitionsmicrosoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.2 Ensure that multi-factor authentication is enabled for all non-service accountsGCPCIS Google Cloud Platform v1.1.0 L1
1.3 Ensure modern authentication for Skype for Business Online is enabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.3 Ensure that Security Key Enforcement is enabled for all admin accountsGCPCIS Google Cloud Platform v1.1.0 L2
1.4 Ensure modern authentication for SharePoint applications is requiredmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L2
1.5 Ensure that 'Number of methods required to reset' is set to '2'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L1
1.8.8 Ensure users must authenticate users using MFA via a graphical user logonUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed - escUnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11UnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v1.3.1 L1
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.16 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.16 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG