IL3 (Detect & Resist) Controls
Local user sessions on critical workstations.
Local user account status change on critical workstations should be logged and reportable
Changes to critical workstation user accounts and group membership or status
Running of all network commands and executables