800-53|IA-2(4)

Title

LOCAL ACCESS TO NON-PRIVILEGED ACCOUNTS

Description

The information system implements multifactor authentication for local access to non-privileged accounts.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication.UnixDISA STIG AIX 7.x v2r9
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCardUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.UnixDISA STIG Apple macOS 13 v1r4
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
GEN009120 - System must be configured to require the use of CAC, PIV compliant hardware token, or Alternate Logon Token for authenticationUnixDISA STIG AIX 5.3 v1r2
GEN009120 - The system must be configured to require the use of a CAC, PIV compliant token or Alternate Logon Token for authentication.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.UnixDISA STIG Solaris 10 SPARC v2r4
GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.UnixDISA STIG Solaris 10 X86 v2r4
GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.UnixDISA STIG for Oracle Linux 5 v2r1
GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token.UnixDISA STIG AIX 6.1 v1r14
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - All Profiles
O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.UnixDISA STIG Oracle 11.2g v2r5 Linux
O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.WindowsDISA STIG Oracle 11.2g v2r5 Windows
OL07-00-010500 - The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.UnixDISA Oracle Linux 7 STIG v2r14
RHEL-09-255035 - RHEL 9 SSHD must accept public key authentication.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-611160 - RHEL 9 must use the common access card (CAC) smart card driver.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA SLES 12 STIG v2r13
UBTU-16-030840 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010427 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.UnixDISA STIG Ubuntu 18.04 LTS v2r15