Detections
Analytics

800-53|IA-2(12)

Title

ACCEPTANCE OF PIV CREDENTIALS

Description

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials.

Supplemental

This control enhancement applies to organizations implementing logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

Reference Item Details

Related: AU-2,PE-3,SA-4

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.8.8 Ensure users must authenticate users using MFA via a graphical user logonUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.12 Ensure the operating system accepts PIV credentialsUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
1.29 UBTU-24-100900UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.51 APPL-14-001060UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.62 RHEL-09-215075UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.73 OL08-00-010400UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.74 OL08-00-010410UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.80 UBTU-24-400060UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.103 UBTU-22-612015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.105 UBTU-22-612025UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.124 APPL-14-003020UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.125 APPL-14-003030UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.341 RHEL-09-611170UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.344 RHEL-09-611185UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
5.4.9 Ensure multifactor authentication for access to privileged accountsUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.10 Ensure certificate status checking for PKI authenticationUnixCIS Amazon Linux 2 STIG v2.0.0 STIG
5.4.10 Ensure certificate status checking for PKI authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.UnixDISA STIG AIX 7.x v3r1
ALMA-09-034010 - AlmaLinux OS 9 must have the openssl-pkcs11 package installed.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-26-001060 - The macOS system must set smart card certificate trust to moderate.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 26 Tahoe STIG v1r1
AZLX-23-001125 - Amazon Linux 2023 must have the opensc package installed.UnixDISA Amazon Linux 2023 STIG v1r2
AZLX-23-001130 - Amazon Linux 2023 must have the openssl-pkcs11 package installed.UnixDISA Amazon Linux 2023 STIG v1r2
AZLX-23-001300 - Amazon Linux 2023 must implement certificate status checking for multifactor authentication.UnixDISA Amazon Linux 2023 STIG v1r2
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253