CSCv7|4.8

Title

Log and Alert on Changes to Administrative Group Membership

Description

Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.4 Ensure mounting of freevxfs filesystems is disabledUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.21 Ensure 'Ephemeral profile' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.22 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.23 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.24 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Windows Server 2012 DC L1 v3.0.0
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
2.10.1 Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is EnabledWindowsCIS Google Chrome L1 v3.0.0
2.11 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL