CSCv7|16.7

Title

Establish Process for Revoking Access

Description

Establish and follow an automated process for revoking system access by disabling accounts immediately upon termination or change of responsibilities of an employee or contractor. Disabling these accounts, instead of deleting them, preserves audit trails.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

Name | Plugin | Audit Name
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.12 Ensure 'SSL_CERT_REVOCATION' Is Set To 'REQUIRED' | Windows | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OS
2.2.12 Ensure 'SSL_CERT_REVOCATION' Is Set To 'REQUIRED' | Unix | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS
2.3.8 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less | OracleDB | CIS Oracle Database 23ai v1.0.0 L1 RDBMS
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5' | OracleDB | CIS Oracle Database 23ai v1.0.0 L1 RDBMS
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
3.1.2 Service account token authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.1.3 Bootstrap token authentication should not be used for users | Unix | CIS Kubernetes v1.10.0 L1 Master
3.1.6 Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L1
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1' | OracleDB | CIS Oracle Database 23ai v1.0.0 L1 RDBMS
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
3.12 (L1) Host must lock an account after a specified number of failed login attempts | VMware | CIS VMware ESXi 8.0 v1.2.0 L1
4.3 (L1) Ensure the maximum failed login attempts is set to 5 | VMware | CIS VMware ESXi 7.0 v1.4.0 L1
4.3 Ensure the maximum failed login attempts is set to 5 | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 1
4.4.1 Ensure custom authselect profile is used | Unix | CIS Amazon Linux 2023 Server L1 v1.0.0
4.4.2 Ensure authselect includes with-faillock | Unix | CIS Amazon Linux 2023 Server L1 v1.0.0
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Debian 10 Workstation L1 v2.0.0
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Debian 10 Server L1 v2.0.0
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
10.3.1.2 Ensure that Storage Account access keys are periodically regenerated | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L1
10.3.1.3 Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled' | microsoft_azure | CIS Microsoft Azure Foundations v4.0.0 L1