Detections
Analytics

CSCv7|4.1

Title

Maintain Inventory of Administrative Accounts

Description

Use automated tools to inventory all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.1.0
1.1.1 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.5.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.3.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.1.0
1.1.7 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v2.0.0
1.1.10 Use Just In Time privileged access to Office 365 rolesmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v1.5.0
1.1.10 Use Just In Time privileged access to Office 365 rolesmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v1.4.0
1.1.11 Use Just In Time privileged access to Office 365 rolesmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v1.3.0
1.1.15 Ensure 'Privileged Identity Management' is used to manage rolesmicrosoft_azureCIS Microsoft 365 Foundations E5 L2 v2.0.0
1.5 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v2.0.0
1.5 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.5.0
1.6 Ensure Administrative accounts are separate, unassigned, and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.22 Ensure That No Custom Subscription Administrator Roles Existmicrosoft_azureCIS Microsoft Azure Foundations v2.1.0 L1
1.23 Ensure That No Custom Subscription Administrator Roles Existmicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.23 Ensure That No Custom Subscription Owner Roles Are Createdmicrosoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
1.25 Ensure fewer than 5 users have global administrator assignmentmicrosoft_azureCIS Microsoft Azure Foundations v2.1.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Windows Server 2012 MS L1 v2.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Windows Server 2012 R2 MS L1 v2.4.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Windows Server 2012 DC L1 v2.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Windows Server 2012 R2 DC L1 v2.4.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.2.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
2.2.10 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.10 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 10.15 v2.0.0 L1
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 11 v2.0.0 L1
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 12.0 Monterey v1.0.0 L1