STIGQter STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.

DISA Rule

SV-30004r2_rule

Vulnerability Number

V-24347

Group Title

GEN009120

Rule Version

GEN009120

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Consult vendor documentation to determine the procedures necessary for configuring CAC authentication. Configure all accounts required by policy to use CAC authentication.

Check Contents

Consult vendor documentation to determine if the system is capable of CAC authentication. If it is not, this is not applicable.

Interview the SA to determine if all accounts not exempted by policy are using CAC authentication. If non-exempt accounts are not using CAC authentication, this is a finding.

Vulnerability Number

V-24347

Documentable

False

Rule Version

GEN009120

Severity Override Guidance

Consult vendor documentation to determine if the system is capable of CAC authentication. If it is not, this is not applicable.

Interview the SA to determine if all accounts not exempted by policy are using CAC authentication. If non-exempt accounts are not using CAC authentication, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments