800-53|IA-2(5)

Title

GROUP AUTHENTICATION

Description

The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Supplemental

Requiring individuals to use individual authenticators as a second level of authentication helps organizations to mitigate the risk of using group authenticators.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-001011 - Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.UnixDISA STIG AIX 7.x v2r6
AOSX-13-000565 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.UnixDISA STIG Apple macOS 12 v1r4
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Root LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Root Login for SSHUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Disable Login to Other User's Active and Locked SessionsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Disable Root LoginUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Disable Root Login for SSHUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
ESXI-06-100037 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using Active Directory for local user authentication.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100038 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using the vSphere Authentication Proxy.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100039 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by restricting use of Active Directory ESX Admin group membership.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-65-100037 - The ESXi host must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using Active Directory for local user authentication.VMwareDISA STIG VMware vSphere ESXi 6.5 v2r3