Capacity
CCI-000770
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.
30
Rule
Severity: Medium
Ensure All Accounts on the System Have Unique Names
29
Rule
Severity: Medium
Restrict Serial Port Root Logins
29
Rule
Severity: Medium
Restrict Virtual Console Root Logins
5
Rule
Severity: Medium
Enable Smart Card Login
30
Rule
Severity: Medium
Disable SSH Root Login
2
Rule
Severity: Medium
Direct root Logins Are Not Allowed
1
Rule
Severity: Medium
The application server must authenticate users individually prior to using a group authenticator.
2
Rule
Severity: Medium
The application must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
1
Rule
Severity: Medium
SAML integration must be enabled in Docker Enterprise.
1
Rule
Severity: Medium
The WebSphere Application Server users in a local user registry group must be authorized for that group.
2
Rule
Severity: Medium
The JBoss server must be configured to use individual accounts and not generic or shared accounts.
1
Rule
Severity: Medium
The Mainframe Product must verify users are authenticated with an individual authenticator prior to using a group authenticator.
2
Rule
Severity: Medium
ONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.
5
Rule
Severity: Medium
The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.
1
Rule
Severity: High
Oracle WebLogic must authenticate users individually prior to using a group authenticator.
2
Rule
Severity: Medium
Prisma Cloud Compute must be configured with unique user accounts.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.
2
Rule
Severity: High
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1
Rule
Severity: Medium
The UEM server must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
2
Rule
Severity: High
TLS must be enabled on JMX.
4
Rule
Severity: Medium
The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
2
Rule
Severity: Medium
The macOS system must disable logon to other user's active and locked sessions.
2
Rule
Severity: Medium
The macOS system must disable root logon.
2
Rule
Severity: Medium
The macOS system must disable root logon for SSH.
3
Rule
Severity: Medium
The Ubuntu operating system must prevent direct login into the root account.
1
Rule
Severity: Medium
The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
3
Rule
Severity: Medium
The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
2
Rule
Severity: Medium
Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.
1
Rule
Severity: Medium
CA-TSS user accounts must uniquely identify system users.
1
Rule
Severity: Medium
IBM RACF user accounts must uniquely identify system users.
1
Rule
Severity: High
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
2
Rule
Severity: Medium
The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.
2
Rule
Severity: Medium
OL 8 must not permit direct logons to the root account using remote access via SSH.
1
Rule
Severity: Medium
Automation Controller must be configured to authenticate users individually, prior to using a group authenticator.
2
Rule
Severity: High
OpenShift RBAC access controls must be enforced.
2
Rule
Severity: Medium
RHEL 8 must not permit direct logons to the root account using remote access via SSH.
4
Rule
Severity: Medium
The SUSE operating system must deny direct logons to the root account using remote access via SSH.
2
Rule
Severity: Medium
RHEL 9 must not permit direct logons to the root account using remote access via SSH.
1
Rule
Severity: Medium
RHEL 9 must use the CAC smart card driver.
1
Rule
Severity: Medium
The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
1
Rule
Severity: Low
The ESXi host must use Active Directory for local user authentication.
4
Rule
Severity: Medium
The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.
3
Rule
Severity: Low
The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to ensure administrators are authenticated with an individual authenticator prior to using a group authenticator.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must prevent direct login into the root account.
1
Rule
Severity: High
The F5 BIG-IP appliance must be configured to use multifactor authentication (MFA) for interactive logins.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
RHEL 9 must use the common access card (CAC) smart card driver.
1
Rule
Severity: Medium
SLEM 5 must deny direct logons to the root account using remote access via SSH.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules