800-53|IA-8(2)

Title

ACCEPTANCE OF THIRD-PARTY CREDENTIALS

Description

The information system accepts only FICAM-approved third-party credentials.

Supplemental

This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels.

Reference Item Details

Related: AU-2

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 2.3 Ensure authentication is enabled in the sharded cluster | Unix | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster | Windows | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | Windows | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | Windows | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | Unix | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | Unix | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | Unix | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | Windows | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | Windows | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | Unix | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | Windows | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | Unix | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | Windows | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | Unix | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | Windows | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | Unix | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | Windows | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | Unix | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | Windows | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | Unix | CIS MongoDB 4 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | Windows | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | Unix | CIS MongoDB 5 L1 OS Windows v1.0.0 |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0 |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 MS L1 v1.3.0 |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 DC L1 v1.3.0 |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v1.0.0 L1 DC |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows Server 2012 R2 DC v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 v2004 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 1809 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 v21H2 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 1909 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 1803 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 v20H2 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 v1507 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 1903 v1.19.9 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 11 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows 10 v21H1 v1.0.0 |
| Allow Microsoft accounts to be optional | Windows | MSCT Windows Server 2012 R2 MS v1.0.0 |
| DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| Network security: Allow PKU2U authentication requests to this computer to use online identities. | Windows | MSCT Windows 10 v1507 v1.0.0 |
| Network security: Allow PKU2U authentication requests to this computer to use online identities. | Windows | MSCT Windows 10 1803 v1.0.0 |
| WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | Unix | DISA IBM WebSphere Traditional 9 STIG v1r1 |
| WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | Windows | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 |
| WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | Unix | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware |