800-53|IA-2(6)

Title

NETWORK ACCESS TO PRIVILEGED ACCOUNTS - SEPARATE DEVICE

Description

The information system implements multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access and the device meets [Assignment: organization-defined strength of mechanism requirements].

Reference Item Details

Related: AC-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
Big Sur - Disable Password Authentication for SSHUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Catalina - Disable Password Authentication for SSHUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Disable Password Authentication for SSHUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enforce Smartcard AuthenticationUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Salesforce.com : Setting Session Security - 'Enable SMS-based identity confirmation = true'Salesforce.comTNS Salesforce Best Practices Audit v1.2.0
WN11-CC-000165 - Unauthenticated RPC clients must be restricted from connecting to the RPC server.WindowsDISA Windows 11 STIG v1r1