CSCv7|16.7

Title

Establish Process for Revoking Access

Description

Establish and follow an automated process for revoking system access by disabling accounts immediately upon termination or change of responsibilities of an employee or contractor. Disabling these accounts, instead of deleting accounts, allows preservation of audit trails.

Reference Item Details

Category: Account Monitoring and Control

Audit Items

Name | Plugin | Audit Name
1.47 UBTU-24-200610 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.80 UBTU-22-411045 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
2.1.6 Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens | microsoft_azure | CIS Microsoft Azure Foundations v5.0.0 L1
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
2.2.12 Ensure 'SSL_CERT_REVOCATION' Is Set To 'REQUIRED' | Unix | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Linux Host OS Unix
2.2.12 Ensure 'SSL_CERT_REVOCATION' Is Set To 'REQUIRED' | Windows | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Windows Server Host OS Windows
2.3.7 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less | OracleDB | CIS Oracle Database 19c v2.0.0 L1 RDBMS
2.3.8 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less | OracleDB | CIS Oracle Database 23ai v1.1.0 L1 RDBMS
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5' | OracleDB | CIS Oracle Database 23ai v1.1.0 L1 RDBMS
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5' | OracleDB | CIS Oracle Database 19c v2.0.0 L1 RDBMS
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.12.0 L1 Master Node
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
3.1.1 Client certificate authentication should not be used for users | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
3.1.2 Service account token authentication should not be used for users | Unix | CIS Kubernetes v1.12.0 L1 Master Node
3.1.3 Bootstrap token authentication should not be used for users | Unix | CIS Kubernetes v1.12.0 L1 Master Node
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1' | OracleDB | CIS Oracle Database 23ai v1.1.0 L1 RDBMS
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1' | OracleDB | CIS Oracle Database 19c v2.0.0 L1 RDBMS
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 12c DB Traditional Auditing v3.0.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 12c DB Unified Auditing v3.0.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 18c DB Unified Auditing v1.1.0
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | OracleDB | CIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.12 (L1) Host must lock an account after a specified number of failed login attempts | VMware | CIS VMware ESXi 8.0 v1.2.0 L1
4.3 (L1) Ensure the maximum failed login attempts is set to 5 | VMware | CIS VMware ESXi 7.0 v1.5.0 L1
4.3 Ensure the maximum failed login attempts is set to 5 | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 1
4.4.1 Ensure custom authselect profile is used | Unix | CIS Amazon Linux 2023 v1.0.0 L1 Server
4.4.2 Ensure authselect includes with-faillock | Unix | CIS Amazon Linux 2023 v1.0.0 L1 Server
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Debian Linux 10 v2.0.0 L1 Server
4.4.2 Ensure lockout for failed password attempts is configured | Unix | CIS Debian Linux 10 v2.0.0 L1 Workstation
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS CentOS Linux 7 v4.0.0 L1 Server
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS Amazon Linux 2 v3.0.0 L1
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Server
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
4.4.2.1.2 Ensure password failed attempts lockout is configured | Unix | CIS Oracle Linux 7 v4.0.0 L1 Workstation