CCI-004045
Require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
The Cisco ISE must change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access.
1 rule found Severity: Medium
The DNS server implementation must require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.
1 rule found Severity: Medium
1 rule found Severity: High
The Juniper EX switch must change credentials for account of last resort when administrators who know the credential leave the organization.
1 rule found Severity: Medium
2 rules found Severity: Medium
Microsoft Intune service must be configured to use a DOD Central Directory Service to provide multifactor authentication for network access to privileged and nonprivileged accounts and individual and group accounts.
1 rule found Severity: Medium
The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.
1 rule found Severity: Medium
2 rules found Severity: Medium
ONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.
1 rule found Severity: Medium
The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.
1 rule found Severity: Medium
The Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.
1 rule found Severity: High
Automation Controller must be configured to authenticate users individually, prior to using a group authenticator.
1 rule found Severity: Medium
2 rules found Severity: Medium
The Tanium Application Server must be configured with a connector to sync to Microsoft Active Directory for account management functions.
2 rules found Severity: Medium
The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.
1 rule found Severity: High
The password for the local account of last resort and the device password (if configured) must be changed when members who had access to the password leave the role and are no longer authorized access.
1 rule found Severity: Medium
TOSS must not permit direct logons to the root account using remote access from outside of the system via SSH.
1 rule found Severity: Medium
The web server must require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
AAA Services must be configured to require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The application must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
1 rule found Severity: Medium
The Central Log Server must require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
The container platform must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
1 rule found Severity: Medium
1 rule found Severity: Medium
The container platform must terminate shared/group account credentials when members leave the group.
1 rule found Severity: Medium
The DBMS must require users to be individually authenticated before granting access to the shared accounts or resources.
1 rule found Severity: Medium
Forescout must terminate the account of last resort password when members with access to the password leave the group.
1 rule found Severity: Medium
The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
3 rules found Severity: Medium
The Mainframe Product must verify users are authenticated with an individual authenticator prior to using a group authenticator.
1 rule found Severity: Medium
1 rule found Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
The UEM server must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
1 rule found Severity: Medium
The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
1 rule found Severity: Medium
The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory.
1 rule found Severity: Low
The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.
1 rule found Severity: Medium
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
1 rule found Severity: High