800-53|IA-8

Title

IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Description

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

Supplemental

Non-organizational users include information system users other than organizational users explicitly covered by IA-2. These individuals are uniquely identified and authenticated for accesses other than those accesses explicitly identified and documented in AC-14. In accordance with the E-Authentication E-Government initiative, authentication of non-organizational users accessing federal information systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations use risk assessments to determine authentication needs and consider scalability, practicality, and security in balancing the need to ensure ease of use for access to federal information and information systems with the need to protect and adequately mitigate risk. IA-2 addresses identification and authentication requirements for access to information systems by organizational users.

Reference Item Details

Related: AC-14, AC-17, AC-18, AC-2, IA-2, IA-4, IA-5, MA-4, RA-3, SA-12, SC-8

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items


Name | Plugin | Audit Name
1.1.3.1.1 Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows 8 L1 v1.0.0
1.1.3.11.12 Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Microsoft Windows Server 2016 DC L1 v1.2.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 R2 DC L1 v2.4.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 R2 MS L1 v2.5.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 MS L1 v2.1.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 R2 DC L1 v2.5.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Microsoft Windows 8.1 L1 v2.3.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 DC L1 v2.1.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.2.0
2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | Windows | CIS Windows Server 2012 R2 MS L1 v2.4.0
2.3.11.2 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.1.0
2.3.11.2 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.1.0
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 DC L1 v1.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 DC L1 v2.4.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 v3.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 MS L1 v2.5.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 DC L1 v2.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 MS L1 v2.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 MS L1 v2.4.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 DC L1 v2.5.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 L1 v2.3.0
3.153 - PKU2U authentication using online identities must be prevented. | Windows | DISA Windows 7 STIG v1r32
3.153 - PKU2U authentication using online identities will be prevented. | Windows | DISA Windows Server 2008 R2 DC STIG v1r34
3.153 - PKU2U authentication using online identities will be prevented. | Windows | DISA Windows Server 2008 R2 MS STIG v1r33
4.020 - The built-in guest account is not disabled. | Windows | DISA Windows Vista STIG v6r41
8.3.2 Ensure use of the VM console is limited | VMware | CIS VMware ESXi 6.7 v1.1.0 Level 1
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Windows Server 2012 R2 MS L1 v2.5.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 L1 v2.3.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Windows Server 2012 R2 DC L1 v2.5.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Windows Server 2012 R2 DC L1 v2.4.0
18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | Windows | CIS Windows Server 2012 R2 MS L1 v2.4.0
AIX7-00-001009 - All accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users). | Unix | DISA STIG AIX 7.x v2r9