STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

CCI-000770

Definition

The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Parent Control

IA-2 (5): Identification and Authentication (Organizational Users) (family: Identification and Authentication)

Linked STIG Checks (47)

Vuln ID | Severity | Check | STIG

  • V-222964 | CAT I | TLS must be enabled on JMX. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
  • V-252478 | CAT II | The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
  • V-257184 | CAT II | The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
  • V-222529 | CAT II | The application must ensure users are authenticated with an individual authenticator prior to using a group authenticator. | Application Security and Development Security Technical Implementation Guide
  • V-237322 | CAT I | The ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-272627 | CAT III | CylanceON-PREM must be configured to use a third-party identity provider. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
  • V-219168 | CAT II | The Ubuntu operating system must prevent direct login into the root account. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-238329 | CAT II | The Ubuntu operating system must prevent direct login into the root account. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
  • V-260542 | CAT II | Ubuntu 22.04 LTS must prevent direct login into the root account. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-235821 | CAT II | SAML integration must be enabled in Docker Enterprise. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-217397 | CAT II | The BIG-IP appliance must be configured to ensure administrators are authenticated with an individual authenticator prior to using a group authenticator. | F5 BIG-IP Device Management Security Technical Implementation Guide
  • V-266085 | CAT I | The F5 BIG-IP appliance must be configured to use multifactor authentication (MFA) for interactive logins. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
  • V-266929 | CAT I | AOS must be configured to use DOD public key infrastructure (PKI) as multifactor authentication (MFA) for interactive logins. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
  • V-215178 | CAT II | Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts. | IBM AIX 7.x Security Technical Implementation Guide
  • V-255828 | CAT II | The WebSphere Application Server users in a local user registry group must be authorized for that group. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-213528 | CAT II | The JBoss server must be configured to use individual accounts and not generic or shared accounts. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
  • V-246947 | CAT II | ONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role. | NetApp ONTAP DSC 9.x Security Technical Implementation Guide
  • V-243139 | CAT II | The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role. | Network WLAN AP-IG Management Security Technical Implementation Guide
  • V-243157 | CAT II | The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role. | Network WLAN AP-NIPR Management Security Technical Implementation Guide
  • V-243175 | CAT II | The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role. | Network WLAN Bridge Management Security Technical Implementation Guide
  • V-243193 | CAT II | The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role. | Network WLAN Controller Management Security Technical Implementation Guide
  • V-221703 | CAT II | The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248613 | CAT II | OL 8 must not permit direct logons to the root account using remote access via SSH. | Oracle Linux 8 Security Technical Implementation Guide
  • V-235965 | CAT I | Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Security Technical Implementation Guide
  • V-253537 | CAT II | Prisma Cloud Compute must be configured with unique user accounts. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
  • V-256906 | CAT II | Automation Controller must be configured to authenticate users individually, prior to using a group authenticator. | Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide
  • V-230296 | CAT II | RHEL 8 must not permit direct logons to the root account using remote access via SSH. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-257985 | CAT II | RHEL 9 must not permit direct logons to the root account using remote access via SSH. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258121 | CAT II | RHEL 9 must use the common access card (CAC) smart card driver. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-257513 | CAT I | OpenShift role-based access controls (RBAC) must be enforced. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
  • V-261337 | CAT II | SLEM 5 must deny direct logons to the root account using remote access via SSH. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217267 | CAT II | The SUSE operating system must deny direct logons to the root account using remote access via SSH. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-1047 | CAT II | The system must not permit root logins using remote access programs such as ssh. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-11979 | CAT II | The root account must not be used for direct log in. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-760 | CAT II | Direct logins must not be permitted to shared, default, application, or utility accounts. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-778 | CAT II | The system must prevent the root account from directly logging in except from the system console. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-216340 | CAT II | The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | Solaris 11 SPARC Security Technical Implementation Guide
  • V-216105 | CAT II | The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | Solaris 11 X86 Security Technical Implementation Guide
  • V-241191 | CAT I | Trend Deep Security must ensure users are authenticated with an individual authenticator prior to using a group authenticator. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
  • V-242254 | CAT I | The TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
  • V-252915 | CAT II | TOSS must not permit direct logons to the root account using remote access from outside of the system via SSH. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-240458 | CAT I | The SLES for vRealize must prevent direct logon into the root account. | VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
  • V-239552 | CAT I | The SLES for vRealize must prevent direct logon into the root account. | VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
  • V-256402 | CAT III | The ESXi host must use Active Directory for local user authentication. | VMware vSphere 7.0 ESXi Security Technical Implementation Guide
  • V-256323 | CAT II | The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users. | VMware vSphere 7.0 vCenter Security Technical Implementation Guide
  • V-258737 | CAT III | The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory. | VMware vSphere 8.0 ESXi Security Technical Implementation Guide
  • V-258909 | CAT II | The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users. | VMware vSphere 8.0 vCenter Security Technical Implementation Guide