800-53|IA-3

Title

DEVICE IDENTIFICATION AND AUTHENTICATION

Description

The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

Supplemental

Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device. Information systems typically use either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., IEEE 802.1x and Extensible Authentication Protocol [EAP], Radius server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify/authenticate devices on local and/or wide area networks. Organizations determine the required strength of authentication mechanisms by the security categories of information systems. Because of the challenges of applying this control on large scale, organizations are encouraged to only apply the control to those limited number (and type) of devices that truly need to support this capability.

Reference Item Details

Related: AC-17,AC-18,AC-19,CA-3,IA-4,IA-5

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 CISC-L2-000020CiscoCIS Cisco NX OS Switch L2S STIG v1.0.0 CAT I
1.1 CISC-L2-000020CiscoCIS Cisco IOS Switch L2S STIG v1.0.0 CAT I
1.1 CISC-L2-000020CiscoCIS Cisco IOS XE Switch L2S STIG v1.0.0 CAT I
1.1.1.9 Ensure usb-storage kernel module is not availableUnixCIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Server
1.1.1.9 Ensure usb-storage kernel module is not availableUnixCIS Linux Mint 22 v1.0.0 L2 Workstation
1.1.1.9 Ensure usb-storage kernel module is not availableUnixCIS Ubuntu Linux 22.04 LTS v3.0.0 L2 Workstation
1.1.1.10 Ensure usb-storage kernel module is not availableUnixCIS Debian Linux 13 v1.0.0 L1 Server
1.1.1.10 Ensure usb-storage kernel module is not availableUnixCIS Rocky Linux 10 v1.0.0 L2 Workstation
1.1.1.10 Ensure usb-storage kernel module is not availableUnixCIS Rocky Linux 10 v1.0.0 L1 Server
1.1.1.10 Ensure usb-storage kernel module is not availableUnixCIS Debian Linux 13 v1.0.0 L2 Workstation
1.1.3.11.3 Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.27 Disable AutomountingUnixCIS Amazon Linux 2 STIG v2.0.1 L1 Server
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.27 Disable AutomountingUnixCIS Amazon Linux 2 STIG v2.0.1 STIG
1.1.28 Disable USB StorageUnixCIS Amazon Linux 2 STIG v2.0.1 STIG
1.1.28 Disable USB StorageUnixCIS Amazon Linux 2 STIG v2.0.1 L1 Server
1.1.28 Disable USB Storage - /bin/trueUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.28 Disable USB Storage - blacklistUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.11 Ensure Web Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 Create HostnameArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 L1
1.14 Create HostnameArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.14 Ensure App Tier ELB is using HTTPS listeneramazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 VCSA-80-000077VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT I
1.17 CISC-ND-001130CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.19 CISC-ND-001150CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.20 OL09-00-000047UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.23 SLES-15-010240UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.25 PHTN-40-000047UnixCIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT II
1.132 WN10-CC-000165WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.150 APPL-26-005090UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT II
1.151 APPL-14-005090UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II
1.187 AZLX-23-002600UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.192 WN16-MS-000040WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.194 WN19-MS-000040WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.194 WN22-MS-000040WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.204 OL09-00-002000UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.234 OL09-00-002100UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.239 RHEL-09-271020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.240 RHEL-09-271025UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.241 OL09-00-002120UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.242 OL09-00-002121UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.242 RHEL-09-271035UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.251 ALMA-09-031370UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II