STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← IA-2 (11) — Identification and Authentication (Organizational Users)

CCI-001948

Definition

The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Parent Control

IA-2 (11)Identification and Authentication (Organizational Users)Identification and Authentication

Linked STIG Checks (40)

V-237394CAT IIThe CA API Gateway providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.CA API Gateway ALG Security Technical Implementation GuideV-219318CAT IIThe Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.Canonical Ubuntu 18.04 LTS Security Technical Implementation GuideV-238230CAT IIThe Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.Canonical Ubuntu 20.04 LTS Security Technical Implementation GuideV-260573CAT IIUbuntu 22.04 LTS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.Canonical Ubuntu 22.04 LTS Security Technical Implementation GuideV-215729CAT IIThe BIG-IP APM module must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access.F5 BIG-IP Access Policy Manager Security Technical Implementation GuideV-215781CAT IIThe BIG-IP Core implementation providing user authentication intermediary services must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access.F5 BIG-IP Local Traffic Manager Security Technical Implementation GuideV-266152CAT IThe F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).F5 BIG-IP TMOS ALG Security Technical Implementation GuideV-215436CAT IIThe AIX operating system must use Multi Factor Authentication.IBM AIX 7.x Security Technical Implementation GuideV-252558CAT IIIBM Aspera Console must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-252580CAT IIIBM Aspera Faspex must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-252599CAT IIIBM Aspera Shares must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-224994CAT IIActive Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2016 Security Technical Implementation GuideV-205701CAT IIWindows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2019 Security Technical Implementation GuideV-254415CAT IIWindows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.Microsoft Windows Server 2022 Security Technical Implementation GuideV-221658CAT IIThe Oracle Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.Oracle Linux 7 Security Technical Implementation GuideV-221895CAT IIThe Oracle Linux operating system must have the required packages for multifactor authentication installed.Oracle Linux 7 Security Technical Implementation GuideV-221896CAT IIThe Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).Oracle Linux 7 Security Technical Implementation GuideV-221897CAT IIThe Oracle Linux operating system must implement certificate status checking for PKI authentication.Oracle Linux 7 Security Technical Implementation GuideV-248586CAT IIIOL 8 must have the package required for multifactor authentication installed.Oracle Linux 8 Security Technical Implementation GuideV-248587CAT IIOL 8 must implement certificate status checking for multifactor authentication.Oracle Linux 8 Security Technical Implementation GuideV-204397CAT IIThe Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.Red Hat Enterprise Linux 7 Security Technical Implementation GuideV-204631CAT IIThe Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed.Red Hat Enterprise Linux 7 Security Technical Implementation GuideV-204632CAT IIThe Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).Red Hat Enterprise Linux 7 Security Technical Implementation GuideV-204633CAT IIThe Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication.Red Hat Enterprise Linux 7 Security Technical Implementation GuideV-230273CAT IIRHEL 8 must have the packages required for multifactor authentication installed.Red Hat Enterprise Linux 8 Security Technical Implementation GuideV-230274CAT IIRHEL 8 must implement certificate status checking for multifactor authentication.Red Hat Enterprise Linux 8 Security Technical Implementation GuideV-257838CAT IIRHEL 9 must have the openssl-pkcs11 package installed.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-258122CAT IIRHEL 9 must enable certificate based smart card authentication.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-258123CAT IIRHEL 9 must implement certificate status checking for multifactor authentication.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-258124CAT IIRHEL 9 must have the pcsc-lite package installed.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-258125CAT IIThe pcscd service on RHEL 9 must be active.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-258126CAT IIRHEL 9 must have the opensc package installed.Red Hat Enterprise Linux 9 Security Technical Implementation GuideV-261396CAT IISLEM 5 must have the packages required for multifactor authentication to be installed.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation GuideV-261397CAT IISLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation GuideV-261398CAT IISLEM 5 must implement certificate status checking for multifactor authentication.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation GuideV-217299CAT IIThe SUSE operating system must have the packages required for multifactor authentication to be installed.SUSE Linux Enterprise Server 12 Security Technical Implementation GuideV-217300CAT IIThe SUSE operating system must implement certificate status checking for multifactor authentication.SUSE Linux Enterprise Server 12 Security Technical Implementation GuideV-217301CAT IIThe SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).SUSE Linux Enterprise Server 12 Security Technical Implementation GuideV-94287CAT IISymantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.Symantec ProxySG ALG Security Technical Implementation GuideV-252932CAT IITOSS must have the packages required for multifactor authentication installed.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide