CCI|CCI-000765

Title

Implement multifactor authentication for network access to privileged accounts.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIOS-16-014800 - Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-014800 - Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-17-014800 - Apple iOS/iPadOS 17 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-014800 - Apple iOS/iPadOS 17 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-18-014800 - Apple iOS/iPadOS 18 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-014800 - Apple iOS/iPadOS 18 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication.UnixDISA STIG AIX 7.x v3r1
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCardUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-14-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003050 - The macOS system must enforce multifactor authentication for logon.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003051 - The macOS system must enforce multifactor authentication for the su command.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003050 - The macOS system must enforce multifactor authentication for login.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003051 - The macOS system must enforce multifactor authentication for the su command.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Enforce multifactor authentication for network access to privileged accountsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Enforce multifactor authentication for network access to privileged accountsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
ESXI-80-000052 The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.UnixDISA VMware vSphere 8.0 ESXi STIG OS v2r1
GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMMobileIron - DISA Google Android 13 COPE v2r1
GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMAirWatch - DISA Google Android 13 COBO v2r1
GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMMobileIron - DISA Google Android 13 COBO v2r1
GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMAirWatch - DISA Google Android 13 COPE v2r1
GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMAirWatch - DISA Google Android 14 COBO v2r1
GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMMobileIron - DISA Google Android 14 COPE v2r1
GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMMobileIron - DISA Google Android 14 COBO v2r1
GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.MDMAirWatch - DISA Google Android 14 COPE v2r1
JBOS-AS-000265 - The JBoss Server must be configured to use certificates to authenticate admins.UnixDISA JBoss EAP 6.3 STIG v2r5
Monterey - Enforce multifactor authentication for network access to privileged accountsUnixNIST macOS Monterey v1.0.0 - All Profiles
O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.UnixDISA STIG Oracle 11.2g v2r5 Linux
O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.WindowsDISA STIG Oracle 11.2g v2r5 Windows
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.UnixDISA STIG Oracle 12c v3r2 Linux
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.WindowsDISA STIG Oracle 12c v3r2 Windows
OL07-00-010500 - The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.UnixDISA Oracle Linux 7 STIG v3r1