Skip to content
Log In

CCI-000770

The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Ensure All Accounts on the System Have Unique Names

33 rules found Severity: Medium

Logo

Restrict Serial Port Root Logins

31 rules found Severity: Medium

Logo

Restrict Virtual Console Root Logins

31 rules found Severity: Medium

Logo

Enable Smart Card Login

5 rules found Severity: Medium

Logo

Disable SSH Root Login

8 rules found Severity: Medium

Logo

Direct root Logins Are Not Allowed

2 rules found Severity: Medium

Logo

SAML integration must be enabled in Docker Enterprise.

1 rule found Severity: Medium

Logo

The WebSphere Application Server users in a local user registry group must be authorized for that group.

1 rule found Severity: Medium

Logo

Oracle WebLogic must authenticate users individually prior to using a group authenticator.

1 rule found Severity: High

Logo

The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must prevent direct login into the root account.

2 rules found Severity: Medium

Logo

The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.

4 rules found Severity: Medium

Logo

The BIG-IP appliance must be configured to ensure administrators are authenticated with an individual authenticator prior to using a group authenticator.

1 rule found Severity: Medium

Logo

TLS must be enabled on JMX.

1 rule found Severity: High

Logo

The F5 BIG-IP appliance must be configured to use multifactor authentication (MFA) for interactive logins.

1 rule found Severity: High

Logo

Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.

1 rule found Severity: Medium

Logo

The JBoss server must be configured to use individual accounts and not generic or shared accounts.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

ONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.

1 rule found Severity: Medium

Logo

The Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.

1 rule found Severity: High

Logo

SLEM 5 must deny direct logons to the root account using remote access via SSH.

1 rule found Severity: Medium

Logo

The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.

1 rule found Severity: High

Logo

The macOS system must disable logon to other user's active and locked sessions.

1 rule found Severity: Medium

Logo

The macOS system must disable root logon.

1 rule found Severity: Medium

Logo

The macOS system must disable root logon for SSH.

1 rule found Severity: Medium

Logo

The application must ensure users are authenticated with an individual authenticator prior to using a group authenticator.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must prevent direct login into the root account.

1 rule found Severity: Medium

Logo

AOS must be configured to use DOD public key infrastructure (PKI) as multifactor authentication (MFA) for interactive logins.

1 rule found Severity: High

Logo

OL 8 must not permit direct logons to the root account using remote access via SSH.

1 rule found Severity: Medium

Logo

Prisma Cloud Compute must be configured with unique user accounts.

1 rule found Severity: Medium

Logo

OpenShift RBAC access controls must be enforced.

1 rule found Severity: High

Logo

RHEL 8 must not permit direct logons to the root account using remote access via SSH.

1 rule found Severity: Medium

Logo

RHEL 9 must not permit direct logons to the root account using remote access via SSH.

1 rule found Severity: Medium

Logo

RHEL 9 must use the common access card (CAC) smart card driver.

1 rule found Severity: Medium

Logo

The SUSE operating system must deny direct logons to the root account using remote access via SSH.

2 rules found Severity: Medium

Logo

The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.

2 rules found Severity: Medium

Logo

The ESXi host must use Active Directory for local user authentication.

1 rule found Severity: Low

Logo

The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.

2 rules found Severity: Low

Logo

The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.

3 rules found Severity: Medium

Logo