800-53|IA-5(11)

Title

HARDWARE TOKEN-BASED AUTHENTICATION

Description

The information system, for hardware token-based authentication, employs mechanisms that satisfy [Assignment: organization-defined token quality requirements].

Supplemental

Hardware token-based authentication typically refers to the use of PKI-based tokens, such as the U.S. Government Personal Identity Verification (PIV) card. Organizations define specific requirements for tokens, such as working with a particular PKI.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.2.1.66 Set 'Interactive logon: Require smart card' to 'Disabled'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.2.1.66 Set 'Interactive logon: Require smart card' to 'Disabled'	Windows	CIS Windows 2003 DC v3.1.0
1.1.3.6.3 Configure 'Interactive logon: Require smart card'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.1.16 Set 'Require use of smart cards on fixed data drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.15 Set 'Configure use of smart cards on removable data drives' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.3.16 Set 'Require use of smart cards on removable data drives' to 'True'	Windows	CIS Windows 8 L1 v1.0.0
1.5 Ensure MFA is enabled for the 'root user' account - root user account	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.6 Ensure hardware MFA is enabled for the 'root user' account - root user account	amazon_aws	CIS Amazon Web Services Foundations L2 1.3.0
1.6.1 - The operating system must uniquely identify and authenticate users using multifactor authentication via graphical logon.	Unix	Tenable Fedora Linux Best Practices v2.0.0
1.9.29 Interactive logon: Require smart card	Windows	CIS Windows 2008 Enterprise v1.2.0
1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - module	Unix	Tenable Fedora Linux Best Practices v2.0.0
1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - pam_pkcs11	Unix	Tenable Fedora Linux Best Practices v2.0.0
1.500 - The system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication - removal	Unix	Tenable Fedora Linux Best Practices v2.0.0
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.1.12 (L1) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.9.1.13 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.10.9.1.13 (L1) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG

Detections

Analytics