800-53|AC-14

Title

PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

Description

The organization:

Supplemental

This control addresses situations in which organizations determine that no identification or authentication is required in organizational information systems. Organizations may allow a limited number of user actions without identification or authentication including, for example, when individuals access public websites or other publicly accessible federal information systems, when individuals use mobile phones to receive calls, or when facsimiles are received. Organizations also identify actions that normally require identification or authentication but may, under certain circumstances (e.g., emergencies), allow identification or authentication mechanisms to be bypassed. Such bypasses may occur, for example, via a software-readable physical switch that commands bypass of the logon functionality and is protected from accidental or unmonitored use. This control does not apply to situations where identification and authentication have already occurred and are not repeated, but rather to situations where identification and authentication have not yet occurred. Organizations may decide that there are no user actions that can be performed on organizational information systems without identification and authentication and thus, the values for assignment statements can be none.

Reference Item Details

Related: CP-2,IA-2

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: LOW,MODERATE,HIGH

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.2 Install and configure HP-UX Secure Shell 'IgnoreRhosts=yes' | Unix | CIS HP-UX 11i v1.5 |
| 1.1.2 Install and configure HP-UX Secure Shell 'RhostsAuthentication=no' | Unix | CIS HP-UX 11i v1.5 |
| 1.1.2 Install and configure HP-UX Secure Shell 'RhostsRSAAuthentication=no' | Unix | CIS HP-UX 11i v1.5 |
| 1.2 Ensure 'Screen Lock' is set to Enabled | MDM | AirWatch - CIS Google Android v1.2.0 L1 |
| 1.2 Ensure 'Screen Lock' is set to Enabled | MDM | MobileIron - CIS Google Android v1.2.0 L1 |
| 1.4.2.2 Disable automatic login | Unix | CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0 |
| 1.4.13.2 Disable automatic login | Unix | CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0 |
| 1.4.14.8 Secure Remote Login 'HostbasedAuthentication' | Unix | CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0 |
| 1.4.14.8 Secure Remote Login 'IgnoreRhosts' | Unix | CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0 |
| 1.470 - The system must not allow a non-certificate trusted host SSH logon to the system. | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 2.4.2.2 Disable Automatic Login & 2.4.13.2 Disable Automatic Login | Unix | CIS Apple OSX 10.5 Leopard L1 v1.0.0 |
| 4.330 - The system must be configured so that the SSH daemon does not allow authentication using RSA rhosts authentication. | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 4.350 - The system must be configured so that the SSH daemon does not allow authentication using rhosts authentication. | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 4.380 - The system must be configured so that the SSH daemon does not allow authentication using known hosts authentication. | Unix | Tenable Fedora Linux Best Practices v2.0.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Distribution Independent Linux Server L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.0.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS CentOS 6 Server L1 v2.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | Huawei EulerOS 2 Server L1 v1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Amazon Linux v2.0.0 L1 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Oracle Linux 6 Server L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Oracle Linux 6 Workstation L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Red Hat 6 Server L1 v2.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.0.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS CentOS 6 Workstation L1 v2.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Distribution Independent Linux Workstation L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | CIS Red Hat 6 Workstation L1 v2.1.0 |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | Unix | Huawei EulerOS 2 Workstation L1 v1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS CentOS 6 Workstation L1 v2.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS CentOS 6 Server L1 v2.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Red Hat 6 Workstation L1 v2.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Oracle Linux 6 Workstation L1 v1.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Distribution Independent Linux Workstation L1 v1.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Amazon Linux v2.0.0 L1 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | Huawei EulerOS 2 Workstation L1 v1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Distribution Independent Linux Server L1 v1.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.0.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | Huawei EulerOS 2 Server L1 v1.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.0.0 |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | Unix | CIS Oracle Linux 6 Server L1 v1.1.0 |
| 5.12 Disable automatic login | Unix | CIS Apple macOS 10.13 L1 v1.0.0 |