The organization defines the strength of mechanism requirements for the device that is separate from the system gaining access to privileged accounts.
No STIG checks reference this CCI.