800-53|IA-8(1)

Title

ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES

Description

The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies.

Supplemental

This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-2,PE-3,SA-4

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r6
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.	Unix	DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware
VCSA-70-000060 - The vCenter Server must require multifactor authentication.	VMware	DISA STIG VMware vSphere 7.0 vCenter v1r2
VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication.	VMware	DISA STIG VMware vSphere 7.0 vCenter v1r2
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.	Windows	DISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.	Unix	DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface.	Windows	DISA IBM WebSphere Traditional 9 Windows STIG v1r1

Detections

Analytics