Skip to content
Catalogs
XCCDF
IBM DataPower ALG Security Technical Implementation Guide
SRG-NET-000140-ALG-000094
The DataPower Gateway providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
The DataPower Gateway providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts. An XCCDF Rule
The DataPower Gateway providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
Medium Severity
<VulnDiscussion>To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system.
Multifactor authentication uses two or more factors to achieve authentication. Factors include:
1) Something you know (e.g., password/PIN),
2) Something you have (e.g., cryptographic, identification device, token), and
3) Something you are (e.g., biometric)
Non-privileged accounts are not authorized access to the network element regardless of access method.
Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection.
Authenticating with a PKI credential and entering the associated PIN is an example of multifactor authentication.
This requirement applies to ALGs that provide user authentication intermediary services.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>