STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← IA-8 — Identification and Authentication (Non-Organizational Users)

CCI-000804

Definition

Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

Parent Control

IA-8Identification and Authentication (Non-Organizational Users)Identification and Authentication

Linked STIG Checks (89)

V-243486CAT IIThe Anonymous Logon and Everyone groups must not be members of the Pre-Windows 2000 Compatible Access group.Active Directory Domain Security Technical Implementation GuideV-76419CAT IIKona Site Defender must not strip origin-defined HTTP session headers.Akamai KSD Service Impact Level 2 ALG Security Technical Implementation GuideV-274159CAT IIAmazon Linux 2023 must insure all interactive users have a primary group that exists.Amazon Linux 2023 Security Technical Implementation GuideV-274160CAT IIAmazon Linux 2023 must ensure all interactive users have unique User IDs (UIDs).Amazon Linux 2023 Security Technical Implementation GuideV-268135CAT IINixOS must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users).Anduril NixOS Security Technical Implementation GuideV-204952CAT IIThe ALG providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Application Layer Gateway Security Requirements GuideV-222556CAT IIThe application must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Application Security and Development Security Technical Implementation GuideV-237322CAT IThe ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.ArcGIS for Server 10.3 Security Technical Implementation GuideV-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation GuideV-237368CAT IIThe CA API Gateway providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).CA API Gateway ALG Security Technical Implementation GuideV-251615CAT IIThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).CA IDMS Security Technical Implementation GuideV-219325CAT IIThe Ubuntu operating system must uniquely identify interactive users.Canonical Ubuntu 18.04 LTS Security Technical Implementation GuideV-238205CAT IIThe Ubuntu operating system must uniquely identify interactive users.Canonical Ubuntu 20.04 LTS Security Technical Implementation GuideV-260543CAT IIUbuntu 22.04 LTS must uniquely identify interactive users.Canonical Ubuntu 22.04 LTS Security Technical Implementation GuideV-270720CAT IIUbuntu 24.04 LTS must uniquely identify interactive users.Canonical Ubuntu 24.04 LTS Security Technical Implementation GuideV-269365CAT IIDuplicate User IDs (UIDs) must not exist for interactive users.Cloud Linux AlmaLinux OS 9 Security Technical Implementation GuideV-233524CAT IIPostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Crunchy Data PostgreSQL Security Technical Implementation GuideV-261897CAT IIPostgreSQL must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Crunchy Data Postgres 16 Security Technical Implementation GuideV-206563CAT IIThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Database Security Requirements GuideV-224175CAT IIThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).EDB Postgres Advanced Server v11 on Windows Security Technical Implementation GuideV-259256CAT IIThe EDB Postgres Advanced Server must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation GuideV-215723CAT IIThe BIG-IP APM module must be configured to uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users) when connecting to virtual servers.F5 BIG-IP Access Policy Manager Security Technical Implementation GuideV-215764CAT IIThe BIG-IP Core implementation must be configured to uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users) when connecting to virtual servers.F5 BIG-IP Local Traffic Manager Security Technical Implementation GuideV-266152CAT IThe F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).F5 BIG-IP TMOS ALG Security Technical Implementation GuideV-203650CAT IIThe operating system must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).General Purpose Operating System Security Requirements GuideV-215176CAT IAll accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users).IBM AIX 7.x Security Technical Implementation GuideV-252584CAT IIIBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).IBM Aspera Platform 4.2 Security Technical Implementation GuideV-252602CAT IIIBM Aspera Shares must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).IBM Aspera Platform 4.2 Security Technical Implementation GuideV-65229CAT IIThe DataPower Gateway providing user authentication intermediary services must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).IBM DataPower ALG Security Technical Implementation GuideV-223497CAT IICA-ACF2 defined user accounts must uniquely identify system users.IBM z/OS ACF2 Security Technical Implementation GuideV-223722CAT IIIBM RACF user accounts must uniquely identify system users.IBM z/OS RACF Security Technical Implementation GuideV-223744CAT IIIBM z/OS startup parameters for the FTP server must have the INACTIVE statement properly set.IBM z/OS RACF Security Technical Implementation GuideV-223952CAT IICA-TSS user accounts must uniquely identify system users.IBM z/OS TSS Security Technical Implementation GuideV-237917CAT IICA VM:Secure product NORULE record in the SECURITY CONFIG file must be configured to REJECT.IBM zVM Using CA VM:Secure Security Technical Implementation GuideV-237921CAT IIThe IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.IBM zVM Using CA VM:Secure Security Technical Implementation GuideV-66669CAT IIThe Juniper SRX Services Gateway VPN must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Juniper SRX SG VPN Security Technical Implementation GuideV-214688CAT IIThe Juniper SRX Services Gateway VPN must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Juniper SRX Services Gateway VPN Security Technical Implementation GuideV-213853CAT IISQL Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MS SQL Server 2014 Instance Security Technical Implementation GuideV-213970CAT IISQL Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MS SQL Server 2016 Instance Security Technical Implementation GuideV-205510CAT IIThe Mainframe Product must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Mainframe Product Security Requirements GuideV-253704CAT IIThe MariaDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).MariaDB Enterprise 10.x Security Technical Implementation GuideV-220369CAT IIMarkLogic Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MarkLogic Server v9 Security Technical Implementation GuideV-255337CAT IIAzure SQL Database must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Microsoft Azure SQL Database Security Technical Implementation GuideV-276249CAT IIAzure SQL Managed Instance must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Microsoft Azure SQL Managed Instance Security Technical Implementation GuideV-271305CAT IISQL Server must uniquely identify and authenticate users (or processes acting on behalf of organizational users).Microsoft SQL Server 2022 Instance Security Technical Implementation GuideV-220909CAT IIThe built-in guest account must be disabled.Microsoft Windows 10 Security Technical Implementation GuideV-253261CAT IIWindows 11 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.Microsoft Windows 11 Security Technical Implementation GuideV-253433CAT IIThe built-in guest account must be disabled.Microsoft Windows 11 Security Technical Implementation GuideV-225024CAT IIWindows Server 2016 built-in guest account must be disabled.Microsoft Windows Server 2016 Security Technical Implementation GuideV-205709CAT IIWindows Server 2019 must have the built-in guest account disabled.Microsoft Windows Server 2019 Security Technical Implementation GuideV-254445CAT IIWindows Server 2022 must have the built-in guest account disabled.Microsoft Windows Server 2022 Security Technical Implementation GuideV-278195CAT IIWindows Server 2025 must have the built-in guest account disabled.Microsoft Windows Server 2025 Security Technical Implementation GuideV-221175CAT IIMongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDB Enterprise Advanced 3.x Security Technical Implementation GuideV-252163CAT IIMongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDB Enterprise Advanced 4.x Security Technical Implementation GuideV-265923CAT IIMongoDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).MongoDB Enterprise Advanced 7.x Security Technical Implementation GuideV-279355CAT IIMongoDB must separate user functionality (including user interface services) from database management functionality.MongoDB Enterprise Advanced 8.x Security Technical Implementation GuideV-219795CAT IIThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Oracle Database 11.2g Security Technical Implementation GuideV-220311CAT IIThe DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Oracle Database 12c Security Technical Implementation GuideV-270570CAT IIOracle Database must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Oracle Database 19c Security Technical Implementation GuideV-248701CAT IIOL 8 duplicate User IDs (UIDs) must not exist for interactive users.Oracle Linux 8 Security Technical Implementation GuideV-271832CAT IIOL 9 duplicate User IDs (UIDs) must not exist for interactive users.Oracle Linux 9 Security Technical Implementation GuideV-235149CAT IIThe MySQL Database Server 8.0 must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Oracle MySQL 8.0 Security Technical Implementation GuideV-214061CAT IIPostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).PostgreSQL 9.x Security Technical Implementation GuideV-281172CAT IIRHEL 10 must not allow duplicate user IDs (UIDs) to exist for interactive users.Red Hat Enterprise Linux 10 Security Technical Implementation GuideV-258045CAT IIRHEL 9 duplicate User IDs (UIDs) must not exist for interactive users.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-251230CAT IIRedis Enterprise DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Redis Enterprise 6.x Security Technical Implementation GuideV-275634CAT IIUbuntu OS must uniquely identify interactive users.Riverbed NetIM OS Security Technical Implementation GuideV-261361CAT IISLEM 5 must not have duplicate User IDs (UIDs) for interactive users.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation GuideV-217163CAT IIThe SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.SUSE Linux Enterprise Server 12 Security Technical Implementation GuideV-216427CAT IIDuplicate UIDs must not exist for multiple non-organizational users.Solaris 11 SPARC Security Technical Implementation GuideV-216190CAT IIDuplicate UIDs must not exist for multiple non-organizational users.Solaris 11 X86 Security Technical Implementation GuideV-279166CAT IIThe ALG providing user authentication intermediary services must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Symantec Edge SWG ALG Security Technical Implementation GuideV-254916CAT IIThe Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Tanium 7.x Application on TanOS Security Technical Implementation GuideV-253783CAT IIThe Tanium application must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).Tanium 7.x Security Technical Implementation GuideV-241140CAT IITrend Deep Security must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Trend Micro Deep Security 9.x Security Technical Implementation GuideV-252951CAT IITOSS duplicate User IDs (UIDs) must not exist for interactive users.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation GuideV-282489CAT IITOSS 5 duplicate User IDs (UIDs) must not exist for interactive users.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation GuideV-240463CAT IIThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).VMware vRealize Automation 7.x SLES Security Technical Implementation GuideV-240464CAT IIAll GIDs referenced in /etc/passwd must be defined in /etc/group.VMware vRealize Automation 7.x SLES Security Technical Implementation GuideV-240465CAT IIThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).VMware vRealize Automation 7.x SLES Security Technical Implementation GuideV-239557CAT IIThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).VMware vRealize Operations Manager 6.x SLES Security Technical Implementation GuideV-239558CAT IIThe SLES for vRealize must uniquely identify and must authenticate non-organizational users (or processes acting on behalf of non-organizational users).VMware vRealize Operations Manager 6.x SLES Security Technical Implementation GuideV-256323CAT IIThe vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.VMware vSphere 7.0 vCenter Security Technical Implementation GuideV-258909CAT IIThe vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users.VMware vSphere 8.0 vCenter Security Technical Implementation GuideV-207219CAT IIThe VPN Gateway must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).Virtual Private Network (VPN) Security Requirements GuideV-73809CAT IIWindows Server 2016 built-in guest account must be disabled.Windows Server 2016 Security Technical Implementation GuideV-73809CAT IIWindows Server 2016 built-in guest account must be disabled.Windows Server 2016 Security Technical Implementation GuideV-93497CAT IIWindows Server 2019 must have the built-in guest account disabled.Windows Server 2019 Security Technical Implementation GuideV-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide