CSCv7|4.6

Title

Use of Dedicated Machines For All Administrative Tasks

Description

Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.2 If SNMPv2 is in use, set Restrictions on Access - ACL	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.4.2 If SNMPv2 is in use, set Restrictions on Access - snmp-server	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.5.2 If SNMPv2 is in use, set Restrictions on Access	Cisco	CIS Cisco NX-OS L1 v1.1.0
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
18.9.86.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.86.1 Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.86.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.86.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0

Detections

Analytics

CSCv7|4.6

Title

Description

Reference Item Details

Audit Items