CCI-000766
Implement multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: High
The ALG providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
2 rules found Severity: Medium
IBM Aspera Console must be configured with a preestablished trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate user account access authorizations and privileges.
1 rule found Severity: Medium
IBM Aspera Faspex must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
1 rule found Severity: Medium
IBM Aspera Shares must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
1 rule found Severity: Medium
The DataPower Gateway providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The Sentry providing mobile device authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
2 rules found Severity: Medium
Symantec ProxySG providing user authentication intermediary services must use multifactor authentication for network access to nonprivileged accounts.
1 rule found Severity: Medium
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
2 rules found Severity: Medium
Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1 rule found Severity: Medium
The Tanium Operating System (TanOS) must use multifactor authentication for network access to nonprivileged accounts.
2 rules found Severity: Medium
The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.
1 rule found Severity: Medium
2 rules found Severity: High
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password.
1 rule found Severity: High
The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.
1 rule found Severity: Medium
The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The BIG-IP Core implementation providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts when granting access to virtual servers.
1 rule found Severity: Medium
The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.
1 rule found Severity: Medium
The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network.
1 rule found Severity: High
The Enterprise Voice, Video, and Messaging Endpoint must use multifactor authentication for network access to nonprivileged (nonadmin) accounts.
1 rule found Severity: Medium
The F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).
1 rule found Severity: High
1 rule found Severity: Medium
The ICS must be configured to use multifactor authentication (e.g., DOD PKI) for network access to nonprivileged accounts.
1 rule found Severity: High
1 rule found Severity: Medium
Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
1 rule found Severity: Medium
The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password.
1 rule found Severity: High
The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.
1 rule found Severity: Medium
SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
1 rule found Severity: Medium
Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
2 rules found Severity: Medium
TOSS must use multifactor authentication for network and local access to privileged and nonprivileged accounts.
1 rule found Severity: Medium
1 rule found Severity: Medium
AAA Services must be configured to require multifactor authentication using Common Access Card (CAC) Personal Identity Verification (PIV) credentials for authenticating non-privileged user accounts.
1 rule found Severity: Medium
2 rules found Severity: Medium
The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
2 rules found Severity: Medium
The application must use multifactor (e.g., CAC, Alt. Token) authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The application must use multifactor (e.g., CAC, Alt. Token) authentication for local access to nonprivileged accounts.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
1 rule found Severity: Medium
Ubuntu 22.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.
1 rule found Severity: Medium
The Central Log Server must use multifactor authentication for network access to non-privileged user accounts.
1 rule found Severity: Medium
The container platform must use multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The container platform must use multifactor authentication for local access to nonprivileged accounts.
1 rule found Severity: Medium
1 rule found Severity: Medium
The operating system must use multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The operating system must use multifactor authentication for local access to nonprivileged accounts.
1 rule found Severity: Medium
The Mainframe Product must use multifactor authentication for network access to non-privileged accounts.
1 rule found Severity: Medium
The Mainframe Product must use multifactor authentication for local access to nonprivileged accounts.
1 rule found Severity: Medium
The Juniper SRX Services Gateway VPN must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts.
1 rule found Severity: High
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1 rule found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
2 rules found Severity: Medium
1 rule found Severity: Medium
1 rule found Severity: Medium
The VPN Gateway must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts.
1 rule found Severity: High
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
1 rule found Severity: High