STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 5 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-2 (9) — Identification and Authentication (Organizational Users)

CCI-000776

Definition

The information system uses organization-defined replay-resistant authentication mechanisms for network access to non-privileged accounts.

Parent Control

IA-2 (9)Identification and Authentication (Organizational Users)Identification and Authentication

Linked STIG Checks (1)

V-254415CAT IIWindows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2022 Security Technical Implementation Guide