CSCv7|4.8

Title

Log and Alert on Changes to Administrative Group Membership

Description

Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.4 Ensure mounting of freevxfs filesystems is disabledUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.1.0
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
17.5.3 Ensure 'Audit Group Membership' is set to include 'Success'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1