STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

AAA Services must be configured to require multifactor authentication using Personal Identity Verification (PIV) credentials for authenticating privileged user accounts.

DISA Rule

SV-95603r1_rule

Vulnerability Number

V-80893

Group Title

SRG-APP-000149-AAA-000400

Rule Version

SRG-APP-000149-AAA-000400

Severity

CAT II

CCI(s)

CCI-000765 - The information system implements multifactor authentication for network access to privileged accounts.

Weight

Fix Recommendation

Configure AAA Services to require multifactor authentication using PIV credentials for authenticating privileged user accounts. Although the CAC is a PIV credential, it should not be used for privileged accounts, but rather only for non-privileged accounts.

Check Contents

Verify AAA Services are configured to require multifactor authentication using PIV credentials for authenticating privileged user accounts. Although the Common Access Card (CAC) is a PIV credential, it should not be used for privileged accounts, but rather only for non-privileged accounts. Administrative smart cards and tokens, separate from the CAC, are the preferred solution for privileged accounts.

If AAA Services are not configured to require multifactor authentication using PIV credentials for authenticating privileged user accounts, this is a finding.

AAA Services must be configured to require multifactor authentication using Personal Identity Verification (PIV) credentials for authenticating privileged user accounts.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments