Configure the system logon banner message title., CC ID: 01743
Configure the "interactive logon: number of previous logons to cache (in case domain controller is not available" setting., CC ID: 01744
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" setting., CC ID: 01746
Configure the Prompt for password on resume from hibernate / suspend setting., CC ID: 04356
Configure the "Interactive logon: Smart card removal behavior" setting., CC ID: 01747
Configure the "Recovery console: Allow automatic administrative logon" setting., CC ID: 01776
Configure the "Recovery console: Allow floppy copy and access to all drivers and all folders" setting., CC ID: 01777
Configure the system to require an Open Firmware password on system startup., CC ID: 04479
Configure the "Interactive logon: Require removal card" setting., CC ID: 06053
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
For system accounts on behalf of which critical services or servers are run, the control system shall provide the capability to disallow interactive logons. (5.13.1 ¶ 2, IEC 62443-3-3: Industrial communication networks â Network and system security â Part 3-3: System security requirements and security levels, Edition 1)
Interactive use is prevented unless needed for an exceptional circumstance. (8.6.1 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Interactive use is limited to the time needed for the exceptional circumstance. (8.6.1 Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Interactive use is prevented unless needed for an exceptional circumstance. (8.6.1 Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is limited to the time needed for the exceptional circumstance. (8.6.1 Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is prevented unless needed for an exceptional circumstance. (8.6.1 Bullet 1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is limited to the time needed for the exceptional circumstance. (8.6.1 Bullet 2, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is prevented unless needed for an exceptional circumstance. (8.6.1 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is limited to the time needed for the exceptional circumstance. (8.6.1 Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is limited to the time needed for the exceptional circumstance. (8.6.1 Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
Interactive use is prevented unless needed for an exceptional circumstance. (8.6.1 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
Sign-on mechanisms should be configured to provide information so that they display no identifying details until after sign-on is completed successfully. (CF.06.07.03a, The Standard of Good Practice for Information Security)
Network devices should be configured to integrate with access control mechanisms in other devices (e.g., to provide strong authentication). (CF.09.01.04d, The Standard of Good Practice for Information Security)
Sign-on mechanisms should be configured to provide information so that they display no identifying details until after sign-on is completed successfully. (CF.06.07.03a, The Standard of Good Practice for Information Security, 2013)
Network devices should be configured to integrate with access control mechanisms in other devices (e.g., to provide strong authentication). (CF.09.01.04d, The Standard of Good Practice for Information Security, 2013)