800-53|IA-8(1)

Title

ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES

Description

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies.

Supplemental

This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

Reference Item Details

Related: AU-2,PE-3,SA-4

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.UnixDISA STIG Apache Tomcat Application Server 9 v3r1 Middleware
VCSA-70-000060 - The vCenter Server must require multifactor authentication.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r3
VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r3
VCSA-80-000060 The vCenter Server must require multifactor authentication.VMwareDISA VMware vSphere 8.0 vCenter STIG v2r1
VCSA-80-000080 The vCenter Server must enable revocation checking for certificate-based authentication.VMwareDISA VMware vSphere 8.0 vCenter STIG v2r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1