800-53|AC-4(17)

Title

DOMAIN AUTHENTICATION

Description

The information system uniquely identifies and authenticates source and destination points by [Selection (one or more): organization, system, application, individual] for information transfer.

Supplemental

Attribution is a critical component of a security concept of operations. The ability to identify source and destination points for information flowing in information systems allows the forensic reconstruction of events when required, and encourages policy compliance by attributing policy violations to specific organizations/individuals. Successful domain authentication requires that information system labels distinguish among systems, organizations, and individuals involved in preparing, sending, receiving, or disseminating information.

Reference Item Details

Related: IA-2, IA-3, IA-4, IA-5

Category: ACCESS CONTROL

Parent Title: INFORMATION FLOW ENFORCEMENT

Family: ACCESS CONTROL

Audit Items

Name | Plugin | Audit Name
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - BGP | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - IS-IS auth mode | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - IS-IS md5 key | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF MD5 Key | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF message-digest | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | Arista | DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000470 - The Arista BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Arista | DISA STIG Arista MLS EOS 4.2x Router v2r1
BGP: Authenticate peers | Alcatel | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols. | Cisco | DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco NX-OS Switch RTR v3r1
JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | Juniper | DISA Juniper EX Series Router v2r1
JUEX-RT-000540 - The Juniper BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Juniper | DISA Juniper EX Series Router v2r1
JUEX-RT-000550 - The Juniper router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Juniper | DISA Juniper EX Series Router v2r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - BGP | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - IS-IS key | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - IS-IS type | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - LDP | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - OSPF | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - RIP key | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - RIP type | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000030 - The Juniper router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Juniper | DISA STIG Juniper Router RTR v3r1
JUNI-RT-000470 - The Juniper BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Juniper | DISA STIG Juniper Router RTR v3r1