CSCv7|4.6

Title

Use of Dedicated Machines For All Administrative Tasks

Description

Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.2 Configure IP Blocking on Failed LoginsCiscoCIS Cisco NX-OS v1.2.0 L1
2.2.7 (L1) Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.7 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.8 (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.8 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.9 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.10 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.11 (L1) Ensure 'Create a token object' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.11 Ensure 'Create a token object' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.12 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.14 Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.15 Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.24 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.24 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' - AdministratorsWindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.26 Ensure 'Load and unload device drivers' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.30 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.30 Ensure 'Manage auditing and security log' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.32 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.32 Ensure 'Modify firmware environment values' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.33 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.33 Ensure 'Perform volume maintenance tasks' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.34 Ensure 'Profile single process' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.35 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.37 (L1) Ensure 'Restore files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.37 Ensure 'Restore files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.38 (L1) Ensure 'Shut down the system' is set to 'Administrators, Users'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.38 Ensure 'Shut down the system' is set to 'Administrators, Users'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.39 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.39 Ensure 'Take ownership of files or other objects' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
19.7.41.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1