The underlying IIS platform must be configured for Smart Card (CAC) Authorization.
An XCCDF Rule
Description
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate. It is not enough to simply steal a user's password to obtain access. A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the internet).
- ID
- SV-253516r836523_rule
- Version
- DCAV-00-000057
- Severity
- High
- References
- Updated
Remediation Templates
A Manual Procedure
Install the Web Server (IIS) features required for Client Certificate Authentication.
- On the DocAve 6 Manager server, open Server Manager, then click add/remove roles.
- Expand Web Server (IIS) >> Web Server >> Security.
- Install the "Client Certificate Mapping Authentication" and "Windows Authentication" features.
On the DocAve Manager server, open IIS Manager.