800-53|IA-2(8)

Title

NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT

Description

The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

Supplemental

Authentication processes resist replay attacks if it is impractical to achieve successful authentications by replaying previous authentication messages. Replay-resistant techniques include, for example, protocols that use nonces or challenges such as Transport Layer Security (TLS) and time synchronous or challenge-response one-time authenticators.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - lssrc sshdUnixDISA STIG AIX 7.x v2r5
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - openssh.base.serverUnixDISA STIG AIX 7.x v2r5
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Disable Password Authentication for SSHUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable SSH Server for Remote Access SessionsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for the su CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253