800-53|IA-8

Title

IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Description

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

Supplemental

Non-organizational users include information system users other than organizational users explicitly covered by IA-2. These individuals are uniquely identified and authenticated for accesses other than those accesses explicitly identified and documented in AC-14. In accordance with the E-Authentication E-Government initiative, authentication of non-organizational users accessing federal information systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations use risk assessments to determine authentication needs and consider scalability, practicality, and security in balancing the need to ensure ease of use for access to federal information and information systems with the need to protect and adequately mitigate risk. IA-2 addresses identification and authentication requirements for access to information systems by organizational users.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-14,AC-17,AC-18,AC-2,IA-2,IA-4,IA-5,MA-4,RA-3,SA-12,SC-8

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.1.1 Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with Microsoft accounts'	Windows	CIS Windows 8 L1 v1.0.0
1.1.3.11.12 Set 'Network Security: Allow PKU2U authentication requeststo this computer to use online identities' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.75 UBTU-22-411015	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.77 UBTU-24-400000	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.133 WN10-CC-000170	Windows	CIS Microsoft Windows 10 STIG v1.0.0 CAT III
1.184 OL08-00-020240	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.214 WN10-SO-000185	Windows	CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.233 WN16-SO-000340	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.233 WN16-SO-000340	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.235 WN19-SO-000280	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.235 WN19-SO-000280	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.235 WN22-SO-000280	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.235 WN22-SO-000280	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.270 RHEL-09-411030	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
4.020 - The built-in guest account is not disabled.	Windows	DISA Windows Vista STIG v6r41
AIX7-00-001009 - All accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users).	Unix	DISA STIG AIX 7.x v3r1
Allow Microsoft accounts to be optional	Windows	MSCT Windows Server 2012 R2 MS v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 1909 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v21H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v22H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows Server 2012 R2 DC v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 11 v23H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v21H1 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 11 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 1903 v1.19.9
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v2004 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v20H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 11 v22H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 11 v24H2 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 1803 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 1809 v1.0.0
Allow Microsoft accounts to be optional	Windows	MSCT Windows 10 v1507 v1.0.0
ALMA-09-033020 - Duplicate User IDs (UIDs) must not exist for interactive users.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r3
AZLX-23-002480 - Amazon Linux 2023 must insure all interactive users have a primary group that exists.	Unix	DISA Amazon Linux 2023 STIG v1r1
AZLX-23-002485 - Amazon Linux 2023 must ensure all interactive users have unique User IDs (UIDs).	Unix	DISA Amazon Linux 2023 STIG v1r1
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High

Detections

Analytics