Detections
Analytics

800-53|IA-8(1)

Title

ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES

Description

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies.

Supplemental

This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

Reference Item Details

Related: AU-2,PE-3,SA-4

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
F5BI-AP-000205 - The BIG-IP APM module must accept Personal Identity Verification (PIV) credentials from other federal agencies.F5DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1
F5BI-AP-000207 - The BIG-IP APM must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.F5DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1
F5BI-LT-000205 - The BIG-IP Core implementation must be able to accept Personal Identity Verification (PIV) credentials from other federal agencies when connecting to member pools/nodes.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3
F5BI-LT-000207 - The BIG-IP Core implementation must be able to electronically verify Personal Identity Verification (PIV) credentials from other federal agencies when authenticating to virtual servers.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.UnixDISA STIG Apache Tomcat Application Server 9 v2r7
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.UnixDISA STIG Apache Tomcat Application Server 9 v2r7 Middleware
VCSA-70-000060 - The vCenter Server must require multifactor authentication.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r3
VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r3
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.UnixDISA IBM WebSphere Traditional 9 STIG v1r1