800-53|IA-2(12)

Title

ACCEPTANCE OF PIV CREDENTIALS

Description

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials.

Supplemental

This control enhancement applies to organizations implementing logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

Reference Item Details

Related: AU-2,PE-3,SA-4

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 |
| 1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 |
| 1.8.8 Ensure users must authenticate users using MFA via a graphical user logon | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.10 Ensure required packages for multifactor authentication are installed | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.10 Ensure required packages for multifactor authentication are installed - esc | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11 | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.4.10 Ensure certificate status checking for PKI authentication | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. | Unix | DISA STIG AIX 7.x v3r1 |
| APPL-14-001060 - The macOS system must set smart card certificate trust to moderate. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-003020 - The macOS system must enforce smart card authentication. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-14-003030 - The macOS system must allow smart card authentication. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2 |
| APPL-15-001060 - The macOS system must set smart card certificate trust to moderate. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| APPL-15-003020 - The macOS system must enforce smart card authentication. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| APPL-15-003030 - The macOS system must allow smart card authentication. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Allow Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-171 |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Enforce Smartcard Authentication | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Set Smartcard Certificate Trust to High | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Set Smartcard Certificate Trust to Moderate | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials. | Cisco | DISA STIG Cisco ASA VPN v2r2 |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253 |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High |
| Catalina - Allow Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate |
| Catalina - Enforce Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low |
| Catalina - Enforce Smartcard Authentication | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate |