Detections
Analytics

CSCv7|4.1

Title

Maintain Inventory of Administrative Accounts

Description

Use automated tools to inventory all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure Administrative accounts are separate and cloud-onlymicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
1.1.3 Ensure that between two and four global admins are designatedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
1.23 Ensure That No Custom Subscription Administrator Roles Existmicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.12 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.14 Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.15 Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.25 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) - Administrators (DC only)WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' - AdministratorsWindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.26 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.26 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
2.2.26 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) - No OneWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.2.26 Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Windows Server 2012 DC L1 v3.0.0
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.2.27 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.27 Ensure 'Force shutdown from a remote system' is set to 'Administrators' - AdministratorsWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.2.27 Ensure 'Force shutdown from a remote system' is set to 'Administrators' - AdministratorsWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)WindowsCIS Windows Server 2012 MS L1 v3.0.0
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) - No OneWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) - No OneWindowsCIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) - No OneWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
2.2.28 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) - No OneWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
2.2.28 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.10 Ensure Secure Keyboard Entry terminal.app is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1