CSCv7|4.8

Title

Log and Alert on Changes to Administrative Group Membership

Description

Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.4 Ensure mounting of freevxfs filesystems is disabled	Unix	CIS Amazon Linux 2023 Server L1 v1.0.0
1.9 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v1.5.0 L1
1.21 Ensure 'Ephemeral profile' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.22 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.23 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.24 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 11 v1.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v1.0.1 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2019 DC L1 v1.2.1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Stand-alone v1.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v1.0.1 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows Server 2019 MS L1 v1.2.1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1 + NG
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Intune for Windows 10 v1.1.0 L1
17.5.2 Ensure 'Audit Group Membership' is set to include 'Success'	Windows	CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG

Detections

Analytics

CSCv7|4.8

Title

Description

Reference Item Details

Audit Items