Detections
Analytics

800-53|IA-2(8)

Title

NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT

Description

The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

Supplemental

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include, for example, protocols that use nonces or challenges such as Transport Layer Security (TLS) and time synchronous or challenge-response one-time authenticators.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.8.1 Enable FIPS ModeCiscoCIS Cisco NX-OS v1.2.0 L2
1.59 APPL-14-001150UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.124 APPL-14-003020UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.125 APPL-14-003030UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.126 APPL-14-003050UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.127 APPL-14-003051UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.128 APPL-14-003052UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.339 RHEL-09-611160UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.UnixDISA STIG AIX 7.x v3r1
ALMA-09-034340 - AlmaLinux OS 9 must use the CAC smart card driver.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-14-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-003050 - The macOS system must enforce multifactor authentication for logon.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-003051 - The macOS system must enforce multifactor authentication for the su command.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
APPL-15-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
APPL-15-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
APPL-15-003050 - The macOS system must enforce multifactor authentication for login.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
APPL-15-003051 - The macOS system must enforce multifactor authentication for the su command.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
APPL-15-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.AristaDISA STIG Arista MLS EOS 4.x NDM v2r2
AZLX-23-001180 - Amazon Linux 2023 must have SSH installed.UnixDISA Amazon Linux 2023 STIG v1r1
AZLX-23-001185 - Amazon Linux 2023 must implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.UnixDISA Amazon Linux 2023 STIG v1r1
Big Sur - Disable Password Authentication for SSHUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate