800-53|IA-2(3)

Title

LOCAL ACCESS TO PRIVILEGED ACCOUNTS

Description

The information system implements multifactor authentication for local access to privileged accounts.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.8 - /etc/security/user - 'sugroups=ALL su=true'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication.	Unix	DISA STIG AIX 7.x v2r9
AMLS-NM-000220 - The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthentication	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCard	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthentication	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.	Unix	DISA STIG Apple macOS 13 v1r4
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard Authentication	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
ESXI-06-000012 - The SSH daemon must ignore .rhosts files.	Unix	DISA STIG VMware vSphere 6.x ESXi OS v1r5
ESXI-06-000040 - The system must use multifactor authentication for local access to privileged accounts.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-65-000012 - The ESXi host SSH daemon must ignore .rhosts files.	Unix	DISA STIG VMware vSphere ESXi OS 6.5 v2r4
ESXI-65-000040 - The ESXi host must use multifactor authentication for local access to privileged accounts.	VMware	DISA STIG VMware vSphere ESXi 6.5 v2r4
ESXI-67-000012 - The ESXi host SSH daemon must ignore .rhosts files.	Unix	DISA STIG VMware vSphere 6.7 ESXi OS v1r3
ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000012 - The ESXi host Secure Shell (SSH) daemon must ignore '.rhosts' files.	Unix	DISA STIG VMware vSphere 7.0 ESXi OS v1r2
GOOG-12-007200 - Google Android 12 must be configured to disable trust agents.	MDM	AirWatch - DISA Google Android 12 COPE v1r2
GOOG-12-007200 - Google Android 12 must be configured to disable trust agents.	MDM	MobileIron - DISA Google Android 12 COBO v1r2
GOOG-12-007200 - Google Android 12 must be configured to disable trust agents.	MDM	MobileIron - DISA Google Android 12 COPE v1r2
GOOG-12-007200 - Google Android 12 must be configured to disable trust agents.	MDM	AirWatch - DISA Google Android 12 COBO v1r2
GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.	MDM	MobileIron - DISA Google Android 13 BYOD v1r2
GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.	MDM	AirWatch - DISA Google Android 13 BYOD v1r2
GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.	MDM	AirWatch - DISA Google Android 14 BYOAD v1r1
GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.	MDM	MobileIron - DISA Google Android 14 BYOAD v1r1
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enforce Smartcard Authentication	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High

Detections

Analytics

800-53|IA-2(3)

Title

Description

Reference Item Details

Audit Items