CCI-000768

Enable the GNOME3 Login Smartcard Authentication

Configure opensc Smart Card Drivers

Configure NSS DB To Use opensc

Force opensc To Use Defined Smart Card Driver

Enable Smart Card Login

Enable Public Key Authentication

Enable Smartcards in SSSD

Enable Smart Card Logins in PAM

The application must use multifactor (e.g., CAC, Alt. Token) authentication for local access to non-privileged accounts.

SAML integration must be enabled in Docker Enterprise.

The Mainframe Product must use multifactor authentication for local access to non-privileged accounts.

Access to Prisma Cloud Compute must be managed based on user need and least privileged  using external identity providers for authentication and grouping to role-based assignments when possible.

Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

Multi-factor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.

The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.

The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.

The macOS system must disable password authentication for SSH.

The macOS system must enforce smart card authentication.

The macOS system must allow smart card authentication.

The macOS system must enforce multifactor authentication for logon.

The macOS system must enforce multifactor authentication for the su command.

The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.

The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.

The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and non-privileged accounts.

The container platform must use multifactor authentication for local access to non-privileged accounts.

The operating system must use multifactor authentication for local access to non-privileged accounts.

The AIX operating system must use Multi Factor Authentication.

Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.

Windows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.

Windows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.

The DBMS must use multifactor authentication for access to user accounts.

The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.

OL 8 must implement multifactor authentication for access to interactive accounts.

OpenShift must use FIPS validated LDAP or OpenIDConnect.

The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).

RHEL 9 SSHD must accept public key authentication.

RHEL 9 must use the CAC smart card driver.

The VMM must use multifactor authentication for local access to non-privileged accounts.

The application must use multifactor (e.g., CAC, Alt. Token) authentication for local access to nonprivileged accounts.

The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.

Ubuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.

Ubuntu 22.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.

Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.

MKE must be configured to integrate with an Enterprise Identity Provider.

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

RHEL 9 must use the common access card (CAC) smart card driver.

SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).