STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← IA-2 (11) — Identification and Authentication (Organizational Users)

CCI-001951

Definition

The information system implements multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Parent Control

IA-2 (11)Identification and Authentication (Organizational Users)Identification and Authentication

Linked STIG Checks (11)

V-237393CAT IIThe CA API Gateway providing user authentication intermediary services must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.CA API Gateway ALG Security Technical Implementation GuideV-215728CAT IIThe BIG-IP APM module must be configured to require multifactor authentication for remote access with non-privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access.F5 BIG-IP Access Policy Manager Security Technical Implementation GuideV-215780CAT IIA BIG-IP Core implementation providing user authentication intermediary services must be configured to require multifactor authentication for remote access to non-privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.F5 BIG-IP Local Traffic Manager Security Technical Implementation GuideV-266152CAT IThe F5 BIG-IP appliance providing user authentication intermediary services must uniquely identify and authenticate users using redundant authentication servers and multifactor authentication (MFA).F5 BIG-IP TMOS ALG Security Technical Implementation GuideV-237581CAT IICounterACT, when providing user authentication intermediary services, must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.ForeScout CounterACT ALG Security Technical Implementation GuideV-252558CAT IIIBM Aspera Console must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-252580CAT IIIBM Aspera Faspex must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-252599CAT IIIBM Aspera Shares must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.IBM Aspera Platform 4.2 Security Technical Implementation GuideV-251031CAT IIThe Sentry providing mobile device authentication intermediary services must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation GuideV-251031CAT IIThe Sentry providing mobile device authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.Ivanti Sentry 9.x ALG Security Technical Implementation GuideV-94285CAT IISymantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.Symantec ProxySG ALG Security Technical Implementation Guide