800-53|AC-14

Title

PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION

Description

The organization:

Supplemental

This control addresses situations in which organizations determine that no identification or authentication is required in organizational information systems. Organizations may allow a limited number of user actions without identification or authentication including, for example, when individuals access public websites or other publicly accessible federal information systems, when individuals use mobile phones to receive calls, or when facsimiles are received. Organizations also identify actions that normally require identification or authentication but may under certain circumstances (e.g., emergencies), allow identification or authentication mechanisms to be bypassed. Such bypasses may occur, for example, via a software-readable physical switch that commands bypass of the logon functionality and is protected from accidental or unmonitored use. This control does not apply to situations where identification and authentication have already occurred and are not repeated, but rather to situations where identification and authentication have not yet occurred. Organizations may decide that there are no user actions that can be performed on organizational information systems without identification and authentication and thus, the values for assignment statements can be none.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CP-2,IA-2

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P3

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIOS-02-080009 - Apple iOS must not display notifications when the device is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080009 - Apple iOS must not display notifications when the device is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080010 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	AirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080010 - Apple iOS must not display notifications (calendar information) when the device is locked.	MDM	MobileIron - DISA Apple iOS 10 v1r3
ESXI-06-000012 - The SSH daemon must ignore .rhosts files.	Unix	DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix
ESXI-06-000013 - The SSH daemon must not allow host-based authentication.	Unix	DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix
ESXI5-VM-000014 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be initialized to decrease the VMs potential attack vectors.	VMware	DISA VMware ESXi Version 5 Virtual Machine STIG v2r1
GEN005538 - The SSH daemon must not allow rhosts RSA authentication.	Unix	DISA AIX 5.3 STIG v1r2
GEN005820 - The Network File System (NFS) anonymous UID and GID must be configured to values without permissions - 'anongid'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN005820 - The Network File System (NFS) anonymous UID and GID must be configured to values without permissions - 'anonuid'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN005820 - The NFS anonymous UID and GID must be configured to values that have no permissions - 'anongid'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005820 - The NFS anonymous UID and GID must be configured to values that have no permissions - 'anonuid'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005820 - The NFS anonymous UID and GID must be configured to values without permissions.	Unix	DISA STIG AIX 6.1 v1r14
VMCH-06-000009 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be set.	VMware	DISA VMware vSphere Virtual Machine Version 6 STIG v1r1

Detections

Analytics