Skip to content
ATO Pathways
  Log In

CCI-002227

Restrict privileged accounts on the system to organization-defined personnel or roles.

Logo
13

Rule

Severity: Medium
Ensure invoking users password for privilege escalation when using sudo
Logo
1

Rule

Severity: Medium
The BlackBerry UEM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, or auditor.
Logo
1

Rule

Severity: Medium
The MaaS360 MDM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.
Logo
2

Rule

Severity: Medium
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
Logo
2

Rule

Severity: Medium
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
Logo
2

Rule

Severity: Medium
Access to the Hardware Management Console must be restricted to only authorized personnel.
Logo
2

Rule

Severity: Medium
Automatic Call Answering to the Hardware Management Console must be disabled.
Logo
2

Rule

Severity: Medium
The Jamf Pro EMM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.
Logo
1

Rule

Severity: Medium
The MobileIron Core v10 server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.
Logo
1

Rule

Severity: Medium
The Samsung SDS EMM must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, auditor.
Logo
1

Rule

Severity: Medium
The Workspace ONE UEM server must be configured to have at least one user in the following Administrator roles: Server primary administrator, security configuration administrator, device user group administrator, or auditor.
Logo
2

Rule

Severity: Medium
Administrative accounts of all high-value IT resources must be assigned to a specific administrative tier in Active Directory to separate highly privileged administrative accounts from less privileged administrative accounts.
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must use the invoking user's password for privilege escalation when using "sudo".
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".
Logo
2

Rule

Severity: Medium
RHEL 8 must use the invoking user's password for privilege escalation when using "sudo".
Logo
2

Rule

Severity: Medium
The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules