Detections
Analytics

1.20 UBTU-24-100660

Information

The operating system must use the "SSSD" package for multifactor authentication services.

GROUP ID: V-270663
RULE ID: SV-270663r1066478

Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased.

Multifactor authentication requires using two or more factors to achieve authentication.

Factors include:

 - Something a user knows (e.g., password/PIN);
 - Something a user has (e.g., cryptographic identification device, token); and
 - Something a user is (e.g., biometric).

A privileged account is defined as an information system account with authorizations of a privileged user.

Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the internet).

The DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication.

Satisfies: SRG-OS-000705-GPOS-00150, SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160

Solution

Enable the "sssd.service to start automatically on reboot with the following command:

$ sudo systemctl enable sssd.service

ensure the "sssd" service is running

$ sudo systemctl start sssd.service

See Also

https://workbench.cisecurity.org/benchmarks/22775

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), 800-53|IA-2(2), CAT|II, CCI|CCI-000765, CCI|CCI-000766, CCI|CCI-004046, CCI|CCI-004047, Rule-ID|SV-270663r1066478_rule, STIG-ID|UBTU-24-100660, Vuln-ID|V-270663

Plugin: Unix

Control ID: 0608df382be75bfa3ea63382a04b0768938c7a3b02e377d5793976ebd7b5d1c7