CCI|CCI-001948

Title

The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.8.8 Ensure users must authenticate users using MFA via a graphical user logonUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.10 Ensure certificate status checking for PKI authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.licenseUnixDISA STIG AIX 7.x v2r6
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.baseUnixDISA STIG AIX 7.x v2r6
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.fallbackUnixDISA STIG AIX 7.x v2r6
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.pmfamapperUnixDISA STIG AIX 7.x v2r6
AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication - powerscMFA.pam.usbsmartcardUnixDISA STIG AIX 7.x v2r6
AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.UnixDISA STIG Apple Mac OSX 10.14 v2r6
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
OL07-00-010061 - The Oracle Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM.UnixDISA Oracle Linux 7 STIG v2r9
OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Oracle Linux 7 STIG v2r9
OL08-00-010390 - OL 8 must have the package required for multifactor authentication installed.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-010400 - OL 8 must implement certificate status checking for multifactor authentication.UnixDISA Oracle Linux 8 STIG v1r2
RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.UnixDISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-07-041001 - The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed.UnixDISA Red Hat Enterprise Linux 8 STIG v1r7
RHEL-08-010400 - RHEL 8 must implement certificate status checking for multifactor authentication.UnixDISA Red Hat Enterprise Linux 8 STIG v1r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - coolkeyUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - mozilla-nssUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - mozilla-nss-toolsUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - openscUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pam_pkcs11UnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-ccidUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-liteUnixDISA SLES 12 STIG v2r7
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-toolsUnixDISA SLES 12 STIG v2r7
SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication.UnixDISA SLES 12 STIG v2r7
SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM.UnixDISA SLES 12 STIG v2r7
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - coolkeyUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - mozilla-nssUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - mozilla-nss-toolsUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - openscUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pam_pkcs11UnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-ccidUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-liteUnixDISA SLES 15 STIG v1r6
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed - pcsc-toolsUnixDISA SLES 15 STIG v1r6
SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor.UnixDISA SLES 15 STIG v1r6