800-53|IA-2(8)

Title

NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT

Description

The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

Supplemental

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include, for example, protocols that use nonces or challenges such as Transport Layer Security (TLS) and time synchronous or challenge-response one-time authenticators.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.	Unix	DISA STIG AIX 7.x v2r9
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-14-000080 - The macOS system must enable SSH server for remote access sessions.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-001150 - The macOS system must disable password authentication for SSH.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003020 - The macOS system must enforce smart card authentication.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003030 - The macOS system must allow smart card authentication.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003050 - The macOS system must enforce multifactor authentication for logon.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003051 - The macOS system must enforce multifactor authentication for the su command.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-001150 - The macOS system must disable password authentication for SSH.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003020 - The macOS system must enforce smart card authentication.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003030 - The macOS system must allow smart card authentication.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003050 - The macOS system must enforce multifactor authentication for login.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003051 - The macOS system must enforce multifactor authentication for the su command.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
Big Sur - Disable Password Authentication for SSH	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable SSH Server for Remote Access Sessions	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for Login	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo Command	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for the su Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for the su Command	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for the su Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for the su Command	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low

Detections

Analytics