STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-001953

Definition

Accept Personal Identity Verification-compliant credentials.

Parent Control

IA-2 (12) | Identification and Authentication (Organizational Users) | Identification and Authentication

Linked STIG Checks (86)

Check ID | Severity | Title | Source
V-279055 | CAT I | ColdFusion must be using an enterprise solution for authentication. | Adobe ColdFusion Security Technical Implementation Guide
V-274036 | CAT II | Amazon Linux 2023 must have the opensc package installed. | Amazon Linux 2023 Security Technical Implementation Guide
V-274037 | CAT II | Amazon Linux 2023 must have the openssl-pkcs11 package installed. | Amazon Linux 2023 Security Technical Implementation Guide
V-268177 | CAT II | NixOS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | Anduril NixOS Security Technical Implementation Guide
V-222993 | CAT II | Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-252477 | CAT II | The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257183 | CAT II | The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-268542 | CAT II | The macOS system must enforce smart card authentication. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268543 | CAT II | The macOS system must allow smart card authentication. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277150 | CAT II | The macOS system must enforce smart card authentication. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277151 | CAT II | The macOS system must allow smart card authentication. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-222524 | CAT II | The application must accept Personal Identity Verification (PIV) credentials. | Application Security and Development Security Technical Implementation Guide
V-204800 | CAT I | The application server must accept Personal Identity Verification (PIV) credentials to access the management interface. | Application Server Security Requirements Guide
V-237336 | CAT II | The ArcGIS Server must accept and electronically verify Personal Identity Verification (PIV) credentials. | ArcGIS for Server 10.3 Security Technical Implementation Guide
V-272639 | CAT II | CylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate). | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-256844 | CAT I | Compliance Guardian must use multifactor authentication for network access to privileged accounts. | AvePoint Compliance Guardian Security Technical Implementation Guide
V-276012 | CAT I | Ax-OS must have no local accounts for the user interface. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
V-219319 | CAT II | The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238231 | CAT II | The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260574 | CAT II | Ubuntu 22.04 LTS must accept personal identity verification (PIV) credentials. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270672 | CAT II | Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270673 | CAT II | Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-206506 | CAT II | The Central Log Server must be configured to accept the DoD CAC credential to support identity management and personal authentication. | Central Log Server Security Requirements Guide
V-239981 | CAT II | The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials. | Cisco ASA VPN Security Technical Implementation Guide
V-234252 | CAT II | Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials. | Citrix Virtual Apps and Desktop 7.x StoreFront Security Technical Implementation Guide
V-234262 | CAT II | Citrix Workspace must accept Personal Identity Verification (PIV) credentials. | Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide
V-234262 | CAT II | Citrix Workspace must accept Personal Identity Verification (PIV) credentials. | Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide
V-213209 | CAT II | Citrix Receiver must accept Personal Identity Verification (PIV) credentials. | Citrix XenDesktop 7.x Receiver Security Technical Implementation Guide
V-213211 | CAT II | XenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials. | Citrix XenDesktop 7.x StoreFront Security Technical Implementation Guide
V-269373 | CAT II | AlmaLinux OS 9 must have the openssl-pkcs11 package installed. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233195 | CAT II | The container platform must be configured to use multi-factor authentication for user authentication. | Container Platform Security Requirements Guide
V-235780 | CAT II | LDAP integration in Docker Enterprise must be configured. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-235821 | CAT II | SAML integration must be enabled in Docker Enterprise. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-271034 | CAT II | Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication. | Dragos Platform 2.x Security Technical Implementation Guide
V-278400 | CAT II | NGINX must accept Personal Identity Verification (PIV) credentials. | F5 NGINX Security Technical Implementation Guide
V-203728 | CAT II | The operating system must accept Personal Identity Verification (PIV) credentials. | General Purpose Operating System Security Requirements Guide
V-266995 | CAT II | The VPN Gateway must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | HPE Aruba Networking AOS VPN Security Technical Implementation Guide
V-215441 | CAT II | The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. | IBM AIX 7.x Security Technical Implementation Guide
V-255762 | CAT II | WebGUI access to the MQ Appliance network device must accept Personal Identity Verification (PIV) credentials. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
V-255865 | CAT II | The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-224769 | CAT III | The ISEC7 SPHERE must accept Personal Identity Verification (PIV) credentials. | ISEC7 Sphere Security Technical Implementation Guide
V-205570 | CAT II | The Mainframe Product must accept Personal Identity Verification (PIV) credentials. | Mainframe Product Security Requirements Guide
V-228404 | CAT II | Exchange Outlook Anywhere clients must use NTLM authentication to access email. | Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
V-259703 | CAT II | Exchange Outlook Anywhere clients must use NTLM authentication to access email. | Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
V-260909 | CAT II | MKE must be configured to integrate with an Enterprise Identity Provider. | Mirantis Kubernetes Engine Security Technical Implementation Guide
V-254111 | CAT II | Nutanix AOS must accept Personal Identity Verification (PIV) credentials to access the management interface. | Nutanix AOS 5.20.x Application Security Technical Implementation Guide
V-273204 | CAT II | Okta must be configured to accept Personal Identity Verification (PIV) credentials. | Okta Identity as a Service (IDaaS) Security Technical Implementation Guide
V-221895 | CAT II | The Oracle Linux operating system must have the required packages for multifactor authentication installed. | Oracle Linux 7 Security Technical Implementation Guide
V-221896 | CAT II | The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | Oracle Linux 7 Security Technical Implementation Guide
V-221897 | CAT II | The Oracle Linux operating system must implement certificate status checking for PKI authentication. | Oracle Linux 7 Security Technical Implementation Guide
V-248588 | CAT II | OL 8 must accept Personal Identity Verification (PIV) credentials. | Oracle Linux 8 Security Technical Implementation Guide
V-271491 | CAT II | OL 9 must have the openssl-pkcs11 package installed. | Oracle Linux 9 Security Technical Implementation Guide
V-271515 | CAT II | OL 9 must have the opensc package installed. | Oracle Linux 9 Security Technical Implementation Guide
V-228667 | CAT II | The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials. | Palo Alto Networks NDM Security Technical Implementation Guide
V-253538 | CAT II | Prisma Cloud Compute local accounts must enforce strong password requirements. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V-253539 | CAT II | Prisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V-280975 | CAT II | RHEL 10 must have the "opensc" package installed. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-204397 | CAT II | The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-204631 | CAT II | The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-204632 | CAT II | The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-204633 | CAT II | The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-230275 | CAT II | RHEL 8 must accept Personal Identity Verification (PIV) credentials. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-257838 | CAT II | RHEL 9 must have the openssl-pkcs11 package installed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258126 | CAT II | RHEL 9 must have the opensc package installed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-254093 | CAT I | Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts. | SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
V-261396 | CAT II | SLEM 5 must have the packages required for multifactor authentication to be installed. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-261397 | CAT II | SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-261398 | CAT II | SLEM 5 must implement certificate status checking for multifactor authentication. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217299 | CAT II | The SUSE operating system must have the packages required for multifactor authentication to be installed. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-217300 | CAT II | The SUSE operating system must implement certificate status checking for multifactor authentication. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-217301 | CAT II | The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-281377 | CAT II | TCMax must accept personal identity verification (PIV) credentials. | Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide
V-221605 | CAT II | Splunk Enterprise must use an SSO proxy service, F5 device, or SAML implementation to accept the DOD common access card (CAC) or other smart card credential for identity management, personal authentication, and multifactor authentication. | Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
V-251692 | CAT I | Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication. | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
V-241005 | CAT II | Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts. | Tanium 7.0 Security Technical Implementation Guide
V-234066 | CAT II | Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts. | Tanium 7.3 Security Technical Implementation Guide
V-254897 | CAT II | Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-253798 | CAT II | The Tanium application must accept Personal Identity Verification (PIV) credentials. | Tanium 7.x Security Technical Implementation Guide
V-253090 | CAT II | TOSS must accept Personal Identity Verification (PIV) credentials. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-282592 | CAT II | TOSS 5 must have the opensc package installed. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-256324 | CAT II | The vCenter Server must require multifactor authentication. | VMware vSphere 7.0 vCenter Security Technical Implementation Guide
V-258910 | CAT II | The vCenter Server must require multifactor authentication. | VMware vSphere 8.0 vCenter Security Technical Implementation Guide
V-207481 | CAT II | The VMM must accept Personal Identity Verification (PIV) credentials. | Virtual Machine Manager Security Requirements Guide
V-207239 | CAT II | The VPN Gateway must accept the Common Access Card (CAC) credential. | Virtual Private Network (VPN) Security Requirements Guide
V-269574 | CAT I | Xylok Security Suite must use a centralized user management solution. | Xylok Security Suite 20.x Security Technical Implementation Guide