CCI|CCI-001953

Title

Accepts Personal Identity Verification-compliant credentials.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.8.8 Ensure users must authenticate users using MFA via a graphical user logonUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.10 Ensure certificate status checking for PKI authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.UnixDISA STIG AIX 7.x v3r1
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials.CiscoDISA STIG Cisco ASA VPN v2r2
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
ESXI-06-100040 - The VMM must accept Personal Identity Verification (PIV) credentials.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r3
EX13-CA-000135 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.WindowsDISA Microsoft Exchange 2013 Client Access Server STIG v2r2
EX13-MB-000305 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-MB-000610 - Exchange Outlook Anywhere clients must use NTLM authentication to access email.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-MB-000203 - Exchange Outlook Anywhere clients must use NTLM authentication to access email.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r2
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - All Profiles
OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Oracle Linux 7 STIG v2r14
OL08-00-010410 - OL 8 must accept Personal Identity Verification (PIV) credentials.UnixDISA Oracle Linux 8 STIG v2r2
PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentialsPalo_AltoDISA STIG Palo Alto NDM v3r2
RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-041001 - The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-08-010410 - RHEL 8 must accept Personal Identity Verification (PIV) credentials.UnixDISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-09-215075 - RHEL 9 must have the openssl-pkcs11 package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-611185 - RHEL 9 must have the opensc package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed.UnixDISA SLES 12 STIG v3r1
SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication.UnixDISA SLES 12 STIG v3r1
SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA SLES 12 STIG v3r1
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed.UnixDISA SLES 15 STIG v2r2
SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor.UnixDISA SLES 15 STIG v2r2
SLES-15-020030 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA SLES 15 STIG v2r2
SPLK-CL-000045 - Splunk Enterprise must use an SSO proxy service, F5 device, or SAML implementation to accept the DOD common access card (CAC) or other smart card credential for identity management, personal authentication, and multifactor authentication.SplunkDISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
SPLK-CL-000490 - Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication.SplunkDISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API