800-53|IA-2(3)

Title

LOCAL ACCESS TO PRIVILEGED ACCOUNTS

Description

The information system implements multifactor authentication for local access to privileged accounts.

Reference Item Details

Related: AC-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.8 - /etc/security/user - 'sugroups=ALL su=true'UnixCIS AIX 5.3/6.1 L1 v1.1.0
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.licenseUnixDISA STIG AIX 7.x v2r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.licenseUnixDISA STIG AIX 7.x v2r3
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.baseUnixDISA STIG AIX 7.x v2r3
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.baseUnixDISA STIG AIX 7.x v2r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.fallbackUnixDISA STIG AIX 7.x v2r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.fallbackUnixDISA STIG AIX 7.x v2r3
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.pmfamapperUnixDISA STIG AIX 7.x v2r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.pmfamapperUnixDISA STIG AIX 7.x v2r3
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.usbsmartcardUnixDISA STIG AIX 7.x v2r1
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.usbsmartcardUnixDISA STIG AIX 7.x v2r3
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication.UnixDISA STIG AIX 7.x v2r9
AMLS-NM-000220 - The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.AristaDISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r5
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCardUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r5
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r5
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r4
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r1
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r5
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.UnixDISA STIG Apple macOS 13 v1r4
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253