STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-2 (4) — Identification and Authentication (Organizational Users)

CCI-000768

Definition

The information system implements multifactor authentication for local access to non-privileged accounts.

Parent Control

IA-2 (4)Identification and Authentication (Organizational Users)Identification and Authentication

Linked STIG Checks (29)

V-252527CAT IThe macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257233CAT IThe macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-222528CAT IIThe application must use multifactor (e.g., CAC, Alt. Token) authentication for local access to nonprivileged accounts.Application Security and Development Security Technical Implementation Guide V-237322CAT IThe ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.ArcGIS for Server 10.3 Security Technical Implementation Guide V-219317CAT IIThe Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238210CAT IIThe Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260573CAT IIUbuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260575CAT IIUbuntu 22.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-235821CAT IISAML integration must be enabled in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-270910CAT IIDragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.Dragos Platform 2.x Security Technical Implementation Guide V-215436CAT IIThe AIX operating system must use Multi Factor Authentication.IBM AIX 7.x Security Technical Implementation Guide V-224994CAT IIActive Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205701CAT IIWindows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254415CAT IIWindows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2022 Security Technical Implementation Guide V-238458CAT IThe DBMS must use multifactor authentication for access to user accounts.Oracle Database 11.2g Security Technical Implementation Guide V-237723CAT IThe DBMS must use multifactor authentication for access to user accounts.Oracle Database 12c Security Technical Implementation Guide V-221703CAT IIThe Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.Oracle Linux 7 Security Technical Implementation Guide V-248702CAT IIOL 8 must implement multifactor authentication for access to interactive accounts.Oracle Linux 8 Security Technical Implementation Guide V-253523CAT IIAccess to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-257983CAT IIRHEL 9 SSHD must accept public key authentication.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258121CAT IIRHEL 9 must use the common access card (CAC) smart card driver.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-261397CAT IISLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217301CAT IIThe SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-241005CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.0 Security Technical Implementation Guide V-234066CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.3 Security Technical Implementation Guide V-254897CAT IIMultifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253828CAT IIMultifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.x Security Technical Implementation Guide V-252952CAT IITOSS must use multifactor authentication for network and local access to privileged and nonprivileged accounts.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide