800-53|AC-4(17)

Title

DOMAIN AUTHENTICATION

Description

The information system uniquely identifies and authenticates source and destination points by [Selection (one or more): organization, system, application, individual] for information transfer.

Supplemental

Attribution is a critical component of a security concept of operations. The ability to identify source and destination points for information flowing in information systems allows the forensic reconstruction of events when required, and encourages policy compliance by attributing policy violations to specific organizations/individuals. Successful domain authentication requires that information system labels distinguish among systems, organizations, and individuals involved in preparing, sending, receiving, or disseminating information.

Reference Item Details

Related: IA-2, IA-3, IA-4, IA-5

Category: ACCESS CONTROL

Parent Title: INFORMATION FLOW ENFORCEMENT

Family: ACCESS CONTROL

Audit Items

Name | Plugin | Audit Name
4.7.1 Ensure authentication is set to MD5 | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
4.8.1 Ensure authentication is set to MD5 | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - BGP | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - IS-IS auth mode | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - IS-IS md5 key | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF MD5 Key | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF message-digest | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000470 - The Arista BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
BGP: Authenticate peers | Alcatel | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit
CISC-RT-000020 - The Cisco router must be configured to implement message authentication for all control plane protocols - BGP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000020 - The Cisco router must be configured to implement message authentication for all control plane protocols - EIGRP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000020 - The Cisco router must be configured to implement message authentication for all control plane protocols - IS-IS | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000020 - The Cisco router must be configured to implement message authentication for all control plane protocols - RIP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - bgp | Cisco | DISA STIG Cisco NX-OS Switch RTR v1r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - bgp | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - ospf | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - ospf | Cisco | DISA STIG Cisco NX-OS Switch RTR v1r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - rip | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols - rip | Cisco | DISA STIG Cisco NX-OS Switch RTR v1r1
CISC-RT-000020 - The Cisco switch must be configured to implement message authentication for all control plane protocols. | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000030 - The Cisco router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS XE Router RTR v2r3
CISC-RT-000030 - The Cisco router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000030 - The Cisco router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS Router RTR v1r4
CISC-RT-000030 - The Cisco router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS XE Router RTR v2r2
CISC-RT-000030 - The Cisco router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS XE Router RTR v2r1
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco NX-OS Switch RTR v1r1
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS XE Switch RTR v1r1
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000030 - The Cisco switch must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages. | Cisco | DISA STIG Cisco IOS Switch RTR v1r1
CISC-RT-000040 - The Cisco router must be configured to use encryption for routing protocol authentication - BGP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000040 - The Cisco router must be configured to use encryption for routing protocol authentication - EIGRP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000040 - The Cisco router must be configured to use encryption for routing protocol authentication - IS-IS | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000040 - The Cisco router must be configured to use encryption for routing protocol authentication - RIP | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | Cisco | DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco NX-OS Switch RTR v1r1
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cisco | DISA STIG Cisco NX-OS Switch RTR v2r3
JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | Juniper | DISA Juniper EX Series Router v1r3
JUEX-RT-000540 - The Juniper BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Juniper | DISA Juniper EX Series Router v1r3