STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-000778

Definition

Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection.

Parent Control

IA-3: Device Identification and Authentication (Identification and Authentication family)

Linked STIG Checks (91)

Each entry lists: Vulnerability ID | Severity | Check title | Source STIG or SRG

  • V-204663 | CAT II | AAA Services used for 802.1x must be configured to uniquely identify network endpoints (supplicants) before the authenticator establishes any connection. | AAA Services Security Requirements Guide
  • V-268139 | CAT II | NixOS must enable USBguard. | Anduril NixOS Security Technical Implementation Guide
  • V-222532 | CAT II | The application must utilize mutual authentication when endpoint device non-repudiation protections are required by DoD policy or by the data owner. | Application Security and Development Security Technical Implementation Guide
  • V-237322 | CAT I | The ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-255968 | CAT I | The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Arista MLS EOS 4.2x L2S Security Technical Implementation Guide
  • V-255968 | CAT I | The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Arista MLS EOS 4.X L2S Security Technical Implementation Guide
  • V-214664 | CAT II | The Arista Multilayer Switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Arista Multilayer Switch DCS-7000 Series L2S Security Technical Implementation Guide
  • V-276005 | CAT II | Ax-OS must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
  • V-272421 | CAT II | The BIND 9.x server implementation must use separate TSIG key-pairs when securing server-to-server transactions. | BIND 9.x Security Technical Implementation Guide
  • V-272435 | CAT I | The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer, and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit. | BIND 9.x Security Technical Implementation Guide
  • V-274872 | CAT II | Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
  • V-272029 | CAT I | The Cisco ACI layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Cisco ACI Layer 2 Switch Security Technical Implementation Guide
  • V-239961 | CAT II | The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection. | Cisco ASA VPN Security Technical Implementation Guide
  • V-220623 | CAT I | The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | Cisco IOS Switch L2S Security Technical Implementation Guide
  • V-220649 | CAT I | The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | Cisco IOS XE Switch L2S Security Technical Implementation Guide
  • V-242600 | CAT II | The Cisco ISE must deny network connection for endpoints that cannot be authenticated using an approved method. This is required for compliance with C2C Step 4. | Cisco ISE NAC Security Technical Implementation Guide
  • V-220675 | CAT I | The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Cisco NX OS Switch L2S Security Technical Implementation Guide
  • V-269357 | CAT II | AlmaLinux OS 9 must be configured to disable USB mass storage. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-269377 | CAT II | AlmaLinux OS 9 must disable the graphical user interface automount function unless required. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-269378 | CAT II | AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-269379 | CAT II | AlmaLinux OS 9 must prevent a user from overriding the disabling of the graphical user interface autorun function. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-269383 | CAT II | AlmaLinux OS 9 must not have the autofs package installed. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-233086 | CAT II | The container platform must uniquely identify all network-connected nodes before establishing any connection. | Container Platform Security Requirements Guide
  • V-269953 | CAT I | The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Dell OS10 Switch Layer 2 Switch Security Technical Implementation Guide
  • V-205169 | CAT II | The DNS server implementation must uniquely identify the other DNS server before responding to a server-to-server transaction. | Domain Name System (DNS) Security Requirements Guide
  • V-279955 | CAT II | A unique TSIG key must be generated for each pair of communicating hosts. | Domain Name System (DNS) Security Requirements Guide
  • V-260012 | CAT II | The Enterprise Voice, Video, and Messaging Session Manager must be configured to uniquely identify each Voice Video Endpoint device before registration. | Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide
  • V-266171 | CAT II | The F5 BIG-IP must be configured to identify and authenticate all endpoint devices or peers before establishing a connection. | F5 BIG-IP TMOS ALG Security Technical Implementation Guide
  • V-265982 | CAT II | An authoritative name server must be configured to enable DNSSEC Resource Records. | F5 BIG-IP TMOS DNS Security Technical Implementation Guide
  • V-233338 | CAT II | Forescout must deny network connection for endpoints that cannot be authenticated using an approved method. This is required for compliance with C2C Step 4. | Forescout Network Access Control Security Technical Implementation Guide
  • V-203647 | CAT II | The operating system must uniquely identify peripherals before establishing a connection. | General Purpose Operating System Security Requirements Guide
  • V-266987 | CAT II | AOS, when used as a VPN Gateway, must uniquely identify all network-connected endpoint devices before establishing a connection. | HPE Aruba Networking AOS VPN Security Technical Implementation Guide
  • V-215186 | CAT II | AIX must configure the ttys value for all interactive users. | IBM AIX 7.x Security Technical Implementation Guide
  • V-255797 | CAT II | The MQ Appliance messaging server must uniquely identify all network-connected endpoint devices before establishing any connection. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
  • V-255831 | CAT I | The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-214164 | CAT II | Infoblox systems which are configured to perform zone transfers to non-Grid name servers must utilize transaction signatures (TSIG). | Infoblox 7.x DNS Security Technical Implementation Guide
  • V-233899 | CAT II | When using third-party DNS servers for zone transfers, each DNS server must use TSIG to uniquely identify the other server. | Infoblox 8.x DNS Security Technical Implementation Guide
  • V-217099 | CAT II | The JBoss server must be configured to bind the management interfaces to only management networks. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
  • V-253949 | CAT I | The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | Juniper EX Series Switches Layer 2 Switch Security Technical Implementation Guide
  • V-206647 | CAT I | The layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | Layer 2 Switch Security Requirements Guide
  • V-215600 | CAT II | The Windows 2012 DNS Server must uniquely identify the other DNS server before responding to a server-to-server transaction. | Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide
  • V-259363 | CAT II | The Windows DNS Server must uniquely identify the other DNS server before responding to a server-to-server transaction. | Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
  • V-260931 | CAT II | IPSec network encryption must be configured. | Mirantis Kubernetes Engine Security Technical Implementation Guide
  • V-254206 | CAT II | Nutanix AOS must be configured to disable USB mass storage devices. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-279601 | CAT II | Nutanix OS must not install autofs.service. | Nutanix Acropolis GPOS Security Technical Implementation Guide
  • V-279602 | CAT II | Nutanix OS must disable the ability to use USB mass storage devices. | Nutanix Acropolis GPOS Security Technical Implementation Guide
  • V-221712 | CAT II | The Oracle Linux operating system must be configured to disable USB mass storage. | Oracle Linux 7 Security Technical Implementation Guide
  • V-221714 | CAT II | The Oracle Linux operating system must disable the file system automounter unless required. | Oracle Linux 7 Security Technical Implementation Guide
  • V-228567 | CAT II | The Oracle Linux operating system must disable the graphical user interface automounter unless required. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248836 | CAT II | The OL 8 file system automounter must be disabled. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248837 | CAT II | OL 8 must be configured to disable the ability to use USB mass storage devices. | Oracle Linux 8 Security Technical Implementation Guide
  • V-271450 | CAT II | OL 9 must be configured to disable USB mass storage. | Oracle Linux 9 Security Technical Implementation Guide
  • V-271639 | CAT II | OL 9 file system automount function must be disabled unless required. | Oracle Linux 9 Security Technical Implementation Guide
  • V-271670 | CAT II | OL 9 must disable the graphical user interface automount function unless required. | Oracle Linux 9 Security Technical Implementation Guide
  • V-271678 | CAT II | OL 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | Oracle Linux 9 Security Technical Implementation Guide
  • V-271679 | CAT II | OL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function. | Oracle Linux 9 Security Technical Implementation Guide
  • V-273673 | CAT I | The RUCKUS ICX switch must uniquely identify all network-connected endpoint devices before establishing any connection. | RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide
  • V-281273 | CAT II | RHEL 10 must prevent a user from overriding the disabling of the graphical user interface automount function. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281274 | CAT II | RHEL 10 must prevent a user from overriding the disabling of the graphical user interface autorun function. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281288 | CAT II | RHEL 10 must be configured to disable USB mass storage. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281291 | CAT II | RHEL 10 must disable the graphical user interface automounter unless required. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281292 | CAT III | RHEL 10 must disable the graphical user interface autorunner unless required. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281323 | CAT II | RHEL 10 must disable file system automount function unless required. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-204449 | CAT II | The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204451 | CAT II | The Red Hat Enterprise Linux operating system must disable the file system automounter unless required. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-219059 | CAT II | The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-230502 | CAT II | The RHEL 8 file system automounter must be disabled. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-230503 | CAT II | RHEL 8 must be configured to disable USB mass storage. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-257849 | CAT II | RHEL 9 file system automount function must be disabled unless required. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258014 | CAT II | RHEL 9 must disable the graphical user interface automount function unless required. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258015 | CAT II | RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258017 | CAT II | RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258034 | CAT II | RHEL 9 must be configured to disable USB mass storage. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-92263 | CAT I | The SEL-2740S must uniquely identify all network-connected endpoint devices before establishing any connection. | SEL-2740S L2S Security Technical Implementation Guide
  • V-261286 | CAT II | SLEM 5 must disable the file system automounter. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217156 | CAT II | The SUSE operating system must disable the file system automounter. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-240976 | CAT II | The Tanium endpoint must have the Tanium Servers public key in its installation, which will allow it to authenticate and uniquely identify all network-connected endpoint devices before establishing any connection. | Tanium 7.0 Security Technical Implementation Guide
  • V-234035 | CAT II | The Tanium endpoint must have the Tanium Servers public key in its installation. | Tanium 7.3 Security Technical Implementation Guide
  • V-254909 | CAT II | The Tanium endpoint must have the Tanium Servers public key in its installation. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-253805 | CAT II | The Tanium endpoint must have the Tanium Server's pki.db in its installation. | Tanium 7.x Security Technical Implementation Guide
  • V-252916 | CAT II | The TOSS file system automounter must be disabled unless required. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-253082 | CAT II | TOSS must be configured to disable USB mass storage. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-282497 | CAT II | TOSS 5 file system automount function must be disabled unless required. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-282498 | CAT II | TOSS 5 must disable the graphical user interface automount function unless required. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-282499 | CAT II | TOSS 5 must prevent a user from overriding the disabling of the graphical user interface automount function. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-282500 | CAT II | TOSS 5 must prevent a user from overriding the disabling of the graphical user interface autorun function. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-282501 | CAT II | TOSS 5 must be configured to disable USB mass storage. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-256509 | CAT II | The Photon operating system must disable the loading of unnecessary kernel modules. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-258825 | CAT II | The Photon operating system must disable unnecessary kernel modules. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-207394 | CAT II | The VMM must uniquely identify peripherals before establishing a connection. | Virtual Machine Manager Security Requirements Guide
  • V-207213 | CAT II | The VPN Gateway must uniquely identify all network-connected endpoint devices before establishing a connection. | Virtual Private Network (VPN) Security Requirements Guide