CCI-000804

Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

26 rules found Severity: Medium

33 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

2 rules found Severity: Medium

5 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

CCI-000804

Ensure All Accounts on the System Have Unique User IDs

Ensure All Accounts on the System Have Unique Names

Ensure no duplicate UIDs exist

Kona Site Defender must not strip origin-defined HTTP session headers.

The CA API Gateway providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

IBM Aspera Shares must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The DataPower Gateway providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

CA VM:Secure product NORULE record in the SECURITY CONFIG file must be configured to REJECT.

The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.

SQL Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

The Ubuntu operating system must uniquely identify interactive users.

MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The BIG-IP APM module must be configured to uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users) when connecting to virtual servers.

The BIG-IP Core implementation must be configured to uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users) when connecting to virtual servers.

PostgreSQL must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

The EDB Postgres Advanced Server must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

The F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).

All accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users).

MarkLogic Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

MongoDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

Azure SQL Database must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

Windows 11 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.

The built-in guest account must be disabled.

Windows Server 2016 built-in guest account must be disabled.

The MySQL Database Server 8.0 must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

Redis Enterprise DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

SLEM 5 must not have duplicate User IDs (UIDs) for interactive users.

TOSS duplicate User IDs (UIDs) must not exist for interactive users.

The Anonymous Logon and Everyone groups must not be members of the Pre-Windows 2000 Compatible Access group.

NixOS must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users).

The ALG providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The application must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

Ubuntu 22.04 LTS must uniquely identify interactive users.

Duplicate User IDs (UIDs) must not exist for interactive users.

The operating system must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).

CA-ACF2 defined user accounts must uniquely identify system users.

IBM RACF user accounts must uniquely identify system users.

IBM z/OS startup parameters for the FTP server must have the INACTIVE statement properly set.

CA-TSS user accounts must uniquely identify system users.

The Mainframe Product must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

The MariaDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

The Juniper SRX Services Gateway VPN must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

SharePoint must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

Windows Server 2019 must have the built-in guest account disabled.

Windows Server 2022 must have the built-in guest account disabled.

OL 8 duplicate User IDs (UIDs) must not exist for interactive users.

RHEL 9 duplicate User IDs (UIDs) must not exist for interactive users.

The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.

Duplicate UIDs must not exist for multiple non-organizational users.

The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.

The VPN Gateway must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).