Capacity
CCI-001948
The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
10
Rule
Severity: Medium
Enable the GNOME3 Login Smartcard Authentication
14
Rule
Severity: Medium
Install Smart Card Packages For Multifactor Authentication
8
Rule
Severity: Medium
Configure Smart Card Certificate Status Checking
8
Rule
Severity: Medium
Configure PAM in SSSD Services
7
Rule
Severity: Medium
Certificate status checking in SSSD
3
Rule
Severity: Medium
Enable Smart Card Logins in PAM
1
Rule
Severity: Medium
The ALG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
The CA API Gateway providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
IBM Aspera Console must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
IBM Aspera Faspex must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
IBM Aspera Shares must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
2
Rule
Severity: High
The macOS system must disable password authentication for SSH.
2
Rule
Severity: Medium
The macOS system must enforce smart card authentication.
3
Rule
Severity: Medium
The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
The operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
2
Rule
Severity: Medium
The AIX operating system must use Multi Factor Authentication.
2
Rule
Severity: Medium
Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
3
Rule
Severity: Medium
Windows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
4
Rule
Severity: Medium
Windows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.
2
Rule
Severity: Medium
The Oracle Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.
2
Rule
Severity: Medium
The Oracle Linux operating system must have the required packages for multifactor authentication installed.
2
Rule
Severity: Medium
The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
2
Rule
Severity: Medium
The Oracle Linux operating system must implement certificate status checking for PKI authentication.
2
Rule
Severity: Low
OL 8 must have the package required for multifactor authentication installed.
2
Rule
Severity: Medium
OL 8 must implement certificate status checking for multifactor authentication.
2
Rule
Severity: Medium
RHEL 8 must have the packages required for multifactor authentication installed.
2
Rule
Severity: Medium
RHEL 8 must implement certificate status checking for multifactor authentication.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.
2
Rule
Severity: Medium
RHEL 9 must have the openssl-pkcs11 package installed.
4
Rule
Severity: Medium
The SUSE operating system must have the packages required for multifactor authentication to be installed.
4
Rule
Severity: Medium
The SUSE operating system must implement certificate status checking for multifactor authentication.
4
Rule
Severity: Medium
The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
2
Rule
Severity: Medium
RHEL 9 must enable certificate based smart card authentication.
2
Rule
Severity: Medium
RHEL 9 must implement certificate status checking for multifactor authentication.
2
Rule
Severity: Medium
RHEL 9 must have the pcsc-lite package installed.
2
Rule
Severity: Medium
The pcscd service on RHEL 9 must be active.
2
Rule
Severity: Medium
RHEL 9 must have the opensc package installed.
1
Rule
Severity: Medium
The VMM must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
The BIG-IP APM module must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
The BIG-IP Core implementation providing user authentication intermediary services must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.
1
Rule
Severity: High
The F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).
1
Rule
Severity: Medium
SLEM 5 must have the packages required for multifactor authentication to be installed.
1
Rule
Severity: Medium
SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
1
Rule
Severity: Medium
SLEM 5 must implement certificate status checking for multifactor authentication.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules