CSCv7|16.3

Title

Require Multi-factor Authentication

Description

Require multi-factor authentication for all user accounts, on all systems, whether managed onsite or by a third-party provider.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Account Monitoring and Control

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.2 Ensure multifactor authentication is enabled for all users in all roles	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.5.0
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L2
1.1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users.	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.16 Ensure the option to remain signed in is hidden	microsoft_azure	CIS Microsoft 365 Foundations E3 L2 v1.5.0
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts	GCP	CIS Google Cloud Platform v1.3.0 L1
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.2.6 Ensure Multi-factor Authentication is Required for Azure Management	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.3 Ensure modern authentication for SharePoint applications is required	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts	GCP	CIS Google Cloud Platform v1.3.0 L2
1.5 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.6 Ensure That 'Number of methods required to reset' is set to '2'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.8.8 Ensure users must authenticate users using MFA via a graphical user logon	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installed - esc	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' - Enabled: True	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' - Enabled: True	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' - Enabled: True	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' - Enabled: True	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' - Enabled: True	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL

Detections

Analytics

CSCv7|16.3

Title

Description

Reference Item Details

Audit Items