CSCv7|4.1

Title

Maintain Inventory of Administrative Accounts

Description

Use automated tools to inventory all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.10 Use Just In Time privileged access to Office 365 rolesmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v1.5.0
1.5 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.5.0
1.23 Ensure That No Custom Subscription Owner Roles Are Createdmicrosoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.16 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
2.2.16 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
2.2.16 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
2.2.16 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
2.2.17 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
2.2.17 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
2.2.17 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
2.2.18 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1