CCI|CCI-001954

Title

The information system electronically verifies Personal Identity Verification (PIV) credentials.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.8.8 Ensure users must authenticate users using MFA via a graphical user logonUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure required packages for multifactor authentication are installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.10 Ensure certificate status checking for PKI authenticationUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentialsUnixDISA STIG AIX 7.x v2r8
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
ESXI-06-200040 - The VMM must electronically verify Personal Identity Verification (PIV) credentials.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r3
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Set Smartcard Certificate Trust to ModerateUnixNIST macOS Monterey v1.0.0 - All Profiles
OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Oracle Linux 7 STIG v2r12
OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM.UnixDISA Oracle Linux 7 STIG v2r12
OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Oracle Linux 7 STIG v2r12
OL08-00-010400 - OL 8 must implement certificate status checking for multifactor authentication.UnixDISA Oracle Linux 8 STIG v1r7
RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.UnixDISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-07-041001 - The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed.UnixDISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.UnixDISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-09-215075 - RHEL 9 must have the openssl-pkcs11 package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-611170 - RHEL 9 must implement certificate status checking for multifactor authentication.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed.UnixDISA SLES 12 STIG v2r11
SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication.UnixDISA SLES 12 STIG v2r11
SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA SLES 12 STIG v2r11
SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installedUnixDISA SLES 15 STIG v1r10
SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor.UnixDISA SLES 15 STIG v1r10
SLES-15-020030 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).UnixDISA SLES 15 STIG v1r10
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.UnixDISA STIG Apache Tomcat Application Server 9 v2r6
TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface.UnixDISA STIG Apache Tomcat Application Server 9 v2r6 Middleware
UBTU-16-030800 - The Ubuntu operating system must have the packages required for multifactor authentication to be installed.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030820 - The Ubuntu operating system must implement certificate status checking for multifactor authentication.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030840 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010427 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.UnixDISA STIG Ubuntu 18.04 LTS v2r11
UBTU-18-010434 - The Ubuntu operating system must implement certificate status checking for multifactor authentication.UnixDISA STIG Ubuntu 18.04 LTS v2r11
UBTU-20-010065 - The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials.UnixDISA STIG Ubuntu 20.04 LTS v1r7
UBTU-20-010065 - The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials.UnixDISA STIG Ubuntu 20.04 LTS v1r10
VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication.VMwareDISA STIG VMware vSphere 7.0 vCenter v1r2
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware