800-53|IA-3

Title

DEVICE IDENTIFICATION AND AUTHENTICATION

Description

The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

Supplemental

Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device. Information systems typically use either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., IEEE 802.1x and Extensible Authentication Protocol [EAP], Radius server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify/authenticate devices on local and/or wide area networks. Organizations determine the required strength of authentication mechanisms by the security categories of information systems. Because of the challenges of applying this control on large scale, organizations are encouraged to only apply the control to those limited number (and type) of devices that truly need to support this capability.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,AC-18,AC-19,CA-3,IA-4,IA-5

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.11.3 Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.27 Disable Automounting	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - /bin/true	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - blacklist	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.8.18 Ensure graphical user interface automounter is disabled - automount	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-open	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-open=false	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount=false	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-never	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-never=true	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.9.1.1 Ensure 'NTP authentication' is enabled	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.9.1.2 Ensure 'NTP authentication key' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.11 Ensure Web Tier ELB is using HTTPS listener	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 Ensure App Tier ELB is using HTTPS listener	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL

Detections

Analytics