CCI-000767
The information system implements multifactor authentication for local access to privileged accounts.
10
Rule
Severity: Medium
Enable the GNOME3 Login Smartcard Authentication
14
Rule
Severity: Medium
Configure opensc Smart Card Drivers
5
Rule
Severity: Medium
Configure NSS DB To Use opensc
14
Rule
Severity: Medium
Force opensc To Use Defined Smart Card Driver
5
Rule
Severity: Medium
Enable Smart Card Login
29
Rule
Severity: Medium
Enable Public Key Authentication
15
Rule
Severity: Medium
Enable Smartcards in SSSD
3
Rule
Severity: Medium
Enable Smart Card Logins in PAM
1
Rule
Severity: Medium
The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.
1
Rule
Severity: High
The application server must use multifactor authentication for local access to privileged accounts.
2
Rule
Severity: Medium
The application must use multifactor (Alt. Token) authentication for local access to privileged accounts.
1
Rule
Severity: Medium
The Central Log Server must use multifactor authentication for local access using privileged user accounts.
1
Rule
Severity: Medium
The DBN-6300 must use multifactor authentication for local access to privileged accounts.
1
Rule
Severity: Medium
SAML integration must be enabled in Docker Enterprise.
2
Rule
Severity: Medium
Google Android 12 must be configured to disable trust agents.
Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.
6
Rule
Severity: Medium
Google Android 13 must be configured to disable trust agents.
1
Rule
Severity: High
Multifactor authentication for network access to privileged accounts must be used.
1
Rule
Severity: Medium
The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.
1
Rule
Severity: Medium
The Mainframe Product must use multifactor authentication for local access to privileged accounts.
2
Rule
Severity: Medium
Suggestions of similar web pages in the event of a navigation error must be disabled.
1
Rule
Severity: Medium
Nutanix AOS must use multifactor authentication for account access.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
The Samsung SDS EMM must use multifactor authentication for local access to privileged accounts.
6
Rule
Severity: Medium
Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor, including face recognition.
11
Rule
Severity: Medium
Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity - Disable trust agents.
1
Rule
Severity: High
Common Access Card (CAC)-based authentication must be enforced and enabled on the Tanium Server for network and local access with privileged and non-privileged accounts.
2
Rule
Severity: High
Multifactor authentication must be enabled on the Tanium Server for network access with privileged accounts.
1
Rule
Severity: High
Common Access Card (CAC)-based authentication must be enabled on the Tanium Server for network access with privileged accounts.
1
Rule
Severity: Medium
Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1
Rule
Severity: Medium
Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.
1
Rule
Severity: Medium
All UEM server local accounts created during application installation and configuration must be removed.
Note: In this context, local accounts refers to user and/or administrator accounts on the server that use user name and password for user access and authentication.
1
Rule
Severity: High
The Workspace ONE UEM must use multifactor authentication for local access to privileged accounts.
2
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.
2
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch.
1
Rule
Severity: High
The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.
3
Rule
Severity: High
The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.
2
Rule
Severity: High
The macOS system must disable password authentication for SSH.
2
Rule
Severity: Medium
The macOS system must enforce smart card authentication.
2
Rule
Severity: Medium
The macOS system must allow smart card authentication.
2
Rule
Severity: Medium
The macOS system must enforce multifactor authentication for logon.
2
Rule
Severity: Medium
The macOS system must enforce multifactor authentication for the su command.
2
Rule
Severity: Medium
The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
1
Rule
Severity: Medium
The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.
1
Rule
Severity: Medium
The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts.
1
Rule
Severity: Medium
The container platform must use multifactor authentication for local access to privileged accounts.
3
Rule
Severity: Medium
Google Android 14 must be configured to disable trust agents.
1
Rule
Severity: Medium
The operating system must use multifactor authentication for local access to privileged accounts.
2
Rule
Severity: Medium
The AIX operating system must use Multi Factor Authentication.
2
Rule
Severity: Medium
The Windows PAW must be configured to enforce two-factor authentication and use Active Directory for authentication management.
2
Rule
Severity: Medium
Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
3
Rule
Severity: Medium
Windows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
4
Rule
Severity: Medium
Windows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
3
Rule
Severity: High
The DBMS must use multifactor authentication for access to user accounts.
2
Rule
Severity: Medium
The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.
2
Rule
Severity: Medium
OL 8 must implement multifactor authentication for access to interactive accounts.
1
Rule
Severity: Medium
Automation Controller must be configured to use an enterprise user management system.
2
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
4
Rule
Severity: Medium
The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
2
Rule
Severity: Medium
RHEL 9 SSHD must accept public key authentication.
1
Rule
Severity: Medium
RHEL 9 must use the CAC smart card driver.
5
Rule
Severity: Medium
Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Face recognition.
1
Rule
Severity: Medium
The VMM must use multifactor authentication for local access to privileged accounts.
1
Rule
Severity: Medium
The ESXi host Secure Shell (SSH) daemon must ignore ".rhosts" files.
3
Rule
Severity: Medium
The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.
1
Rule
Severity: Medium
The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.
1
Rule
Severity: Medium
Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.
2
Rule
Severity: Medium
Google Android 15 must be configured to disable trust agents.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
RHEL 9 must use the common access card (CAC) smart card driver.
1
Rule
Severity: Medium
SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
1
Rule
Severity: Medium
Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.