800-53|IA-3

Title

DEVICE IDENTIFICATION AND AUTHENTICATION

Description

The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

Supplemental

Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device. Information systems typically use either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., IEEE 802.1x and Extensible Authentication Protocol [EAP], Radius server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify/authenticate devices on local and/or wide area networks. Organizations determine the required strength of authentication mechanisms by the security categories of information systems. Because of the challenges of applying this control on large scale, organizations are encouraged to only apply the control to those limited number (and type) of devices that truly need to support this capability.

Reference Item Details

Related: AC-17,AC-18,AC-19,CA-3,IA-4,IA-5

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.11.3 Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - /bin/trueUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - blacklistUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.8.18 Ensure graphical user interface automounter is disabled - automountUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-openUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount-open=falseUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - automount=falseUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-neverUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.8.18 Ensure graphical user interface automounter is disabled - autorun-never=trueUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.9.1.1 Ensure 'NTP authentication' is enabledCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.9.1.2 Ensure 'NTP authentication key' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.11 Ensure Web Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 Ensure App Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows Server 2019 MS L1 v1.3.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGONWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows Server 2019 MS L1 v1.3.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOLWindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L2 MS
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L2 DC
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows Server 2019 MS L2 v1.3.0
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows Server 2019 DC L2 v1.3.0
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + NG
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + NG
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' - BehaviorWindowsCIS Microsoft Windows Server 2019 STIG DC L2 v1.0.1
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' - BehaviorWindowsCIS Microsoft Windows Server 2016 STIG MS L2 v1.1.0
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' - BehaviorWindowsCIS Windows Server 2016 DC L2 v1.3.0
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' - BehaviorWindowsCIS Microsoft Windows Server 2016 MS L2 v1.3.0
18.8.25.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' - BehaviorWindowsCIS Microsoft Windows Server 2019 STIG MS L2 v1.0.1