
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-001954

Definition

Electronically verify Personal Identity Verification-compliant credentials.

Parent Control

IA-2 (12): Identification and Authentication (Organizational Users) (family: Identification and Authentication)

Linked STIG Checks (71)

  • V-279055 (CAT I): ColdFusion must be using an enterprise solution for authentication. [Adobe ColdFusion Security Technical Implementation Guide]
  • V-274037 (CAT II): Amazon Linux 2023 must have the openssl-pkcs11 package installed. [Amazon Linux 2023 Security Technical Implementation Guide]
  • V-274061 (CAT II): Amazon Linux 2023 must implement certificate status checking for multifactor authentication. [Amazon Linux 2023 Security Technical Implementation Guide]
  • V-268177 (CAT II): NixOS must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. [Anduril NixOS Security Technical Implementation Guide]
  • V-222993 (CAT II): Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. [Apache Tomcat Application Server 9 Security Technical Implementation Guide]
  • V-252477 (CAT II): The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. [Apple macOS 12 (Monterey) Security Technical Implementation Guide]
  • V-257183 (CAT II): The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. [Apple macOS 13 (Ventura) Security Technical Implementation Guide]
  • V-268471 (CAT II): The macOS system must set smart card certificate trust to moderate. [Apple macOS 15 (Sequoia) Security Technical Implementation Guide]
  • V-277078 (CAT II): The macOS system must set smart card certificate trust to moderate. [Apple macOS 26 (Tahoe) Security Technical Implementation Guide]
  • V-222525 (CAT II): The application must electronically verify Personal Identity Verification (PIV) credentials. [Application Security and Development Security Technical Implementation Guide]
  • V-204801 (CAT I): The application server must electronically verify Personal Identity Verification (PIV) credentials for access to the management interface. [Application Server Security Requirements Guide]
  • V-237336 (CAT II): The ArcGIS Server must accept and electronically verify Personal Identity Verification (PIV) credentials. [ArcGIS for Server 10.3 Security Technical Implementation Guide]
  • V-272639 (CAT II): CylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate). [Arctic Wolf CylanceON-PREM Security Technical Implementation Guide]
  • V-256844 (CAT I): Compliance Guardian must use multifactor authentication for network access to privileged accounts. [AvePoint Compliance Guardian Security Technical Implementation Guide]
  • V-276012 (CAT I): Ax-OS must have no local accounts for the user interface. [Axonius Federal Systems Ax-OS Security Technical Implementation Guide]
  • V-219317 (CAT II): The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts. [Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide]
  • V-219320 (CAT II): The Ubuntu operating system must implement certificate status checking for multifactor authentication. [Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide]
  • V-238232 (CAT II): The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials. [Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide]
  • V-260576 (CAT II): Ubuntu 22.04 LTS must electronically verify personal identity verification (PIV) credentials. [Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide]
  • V-270723 (CAT II): Ubuntu 24.04 LTS must electronically verify Personal Identity Verification (PIV) credentials. [Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide]
  • V-206507 (CAT II): The Central Log Server must be configured to electronically verify the DoD CAC credential. [Central Log Server Security Requirements Guide]
  • V-234252 (CAT II): Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials. [Citrix Virtual Apps and Desktop 7.x StoreFront Security Technical Implementation Guide]
  • V-234262 (CAT II): Citrix Workspace must accept Personal Identity Verification (PIV) credentials. [Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide]
  • V-213209 (CAT II): Citrix Receiver must accept Personal Identity Verification (PIV) credentials. [Citrix XenDesktop 7.x Receiver Security Technical Implementation Guide]
  • V-213211 (CAT II): XenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials. [Citrix XenDesktop 7.x StoreFront Security Technical Implementation Guide]
  • V-259875 (CAT II): The cloud service offering (CSO) must be configured to use DOD public key infrastructure (PKI) to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). [Cloud Computing Mission Owner Operating System Security Requirements Guide]
  • V-269373 (CAT II): AlmaLinux OS 9 must have the openssl-pkcs11 package installed. [Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide]
  • V-235780 (CAT II): LDAP integration in Docker Enterprise must be configured. [Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide]
  • V-235821 (CAT II): SAML integration must be enabled in Docker Enterprise. [Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide]
  • V-271034 (CAT II): Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication. [Dragos Platform 2.x Security Technical Implementation Guide]
  • V-278400 (CAT II): NGINX must accept Personal Identity Verification (PIV) credentials. [F5 NGINX Security Technical Implementation Guide]
  • V-203729 (CAT II): The operating system must electronically verify Personal Identity Verification (PIV) credentials. [General Purpose Operating System Security Requirements Guide]
  • V-215441 (CAT II): The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. [IBM AIX 7.x Security Technical Implementation Guide]
  • V-255763 (CAT II): WebGUI access to the MQ Appliance network device must electronically verify Personal Identity Verification (PIV) credentials. [IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide]
  • V-255865 (CAT II): The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. [IBM WebSphere Traditional V9.x Security Technical Implementation Guide]
  • V-258589 (CAT I): The ICS must be configured to use multifactor authentication (e.g., DOD PKI) for network access to nonprivileged accounts. [Ivanti Connect Secure VPN Security Technical Implementation Guide]
  • V-205571 (CAT II): The Mainframe Product must electronically verify Personal Identity Verification (PIV) credentials. [Mainframe Product Security Requirements Guide]
  • V-223042 (CAT II): Prevent ignoring certificate errors option must be enabled. [Microsoft Internet Explorer 11 Security Technical Implementation Guide]
  • V-254111 (CAT II): Nutanix AOS must accept Personal Identity Verification (PIV) credentials to access the management interface. [Nutanix AOS 5.20.x Application Security Technical Implementation Guide]
  • V-221895 (CAT II): The Oracle Linux operating system must have the required packages for multifactor authentication installed. [Oracle Linux 7 Security Technical Implementation Guide]
  • V-221896 (CAT II): The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). [Oracle Linux 7 Security Technical Implementation Guide]
  • V-221897 (CAT II): The Oracle Linux operating system must implement certificate status checking for PKI authentication. [Oracle Linux 7 Security Technical Implementation Guide]
  • V-248587 (CAT II): OL 8 must implement certificate status checking for multifactor authentication. [Oracle Linux 8 Security Technical Implementation Guide]
  • V-271491 (CAT II): OL 9 must have the openssl-pkcs11 package installed. [Oracle Linux 9 Security Technical Implementation Guide]
  • V-271608 (CAT II): OL 9 must implement certificate status checking for multifactor authentication (MFA). [Oracle Linux 9 Security Technical Implementation Guide]
  • V-281005 (CAT II): RHEL 10 must have the "pkcs11-provider" package installed. [Red Hat Enterprise Linux 10 Security Technical Implementation Guide]
  • V-281325 (CAT II): RHEL 10 must implement certificate status checking for multifactor authentication. [Red Hat Enterprise Linux 10 Security Technical Implementation Guide]
  • V-204397 (CAT II): The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. [Red Hat Enterprise Linux 7 Security Technical Implementation Guide]
  • V-204631 (CAT II): The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed. [Red Hat Enterprise Linux 7 Security Technical Implementation Guide]
  • V-204632 (CAT II): The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). [Red Hat Enterprise Linux 7 Security Technical Implementation Guide]
  • V-204633 (CAT II): The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. [Red Hat Enterprise Linux 7 Security Technical Implementation Guide]
  • V-257838 (CAT II): RHEL 9 must have the openssl-pkcs11 package installed. [Red Hat Enterprise Linux 9 Security Technical Implementation Guide]
  • V-258123 (CAT II): RHEL 9 must implement certificate status checking for multifactor authentication. [Red Hat Enterprise Linux 9 Security Technical Implementation Guide]
  • V-254093 (CAT I): Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts. [SPEC Innovations Innoslate 4.x Security Technical Implementation Guide]
  • V-261396 (CAT II): SLEM 5 must have the packages required for multifactor authentication to be installed. [SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide]
  • V-261397 (CAT II): SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). [SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide]
  • V-261398 (CAT II): SLEM 5 must implement certificate status checking for multifactor authentication. [SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide]
  • V-217299 (CAT II): The SUSE operating system must have the packages required for multifactor authentication to be installed. [SUSE Linux Enterprise Server 12 Security Technical Implementation Guide]
  • V-217300 (CAT II): The SUSE operating system must implement certificate status checking for multifactor authentication. [SUSE Linux Enterprise Server 12 Security Technical Implementation Guide]
  • V-217301 (CAT II): The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). [SUSE Linux Enterprise Server 12 Security Technical Implementation Guide]
  • V-281377 (CAT II): TCMax must accept personal identity verification (PIV) credentials. [Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide]
  • V-241005 (CAT II): Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts. [Tanium 7.0 Security Technical Implementation Guide]
  • V-234066 (CAT II): Common Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts. [Tanium 7.3 Security Technical Implementation Guide]
  • V-254897 (CAT II): Multifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts. [Tanium 7.x Application on TanOS Security Technical Implementation Guide]
  • V-253799 (CAT II): The Tanium application must electronically verify Personal Identity Verification (PIV) credentials. [Tanium 7.x Security Technical Implementation Guide]
  • V-282592 (CAT II): TOSS 5 must have the opensc package installed. [Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide]
  • V-256333 (CAT II): The vCenter Server must enable revocation checking for certificate-based authentication. [VMware vSphere 7.0 vCenter Security Technical Implementation Guide]
  • V-258919 (CAT II): The vCenter Server must enable revocation checking for certificate-based authentication. [VMware vSphere 8.0 vCenter Security Technical Implementation Guide]
  • V-207482 (CAT II): The VMM must electronically verify Personal Identity Verification (PIV) credentials. [Virtual Machine Manager Security Requirements Guide]
  • V-207240 (CAT II): The VPN Gateway must electronically verify the Common Access Card (CAC) credential. [Virtual Private Network (VPN) Security Requirements Guide]
  • V-269574 (CAT I): Xylok Security Suite must use a centralized user management solution. [Xylok Security Suite 20.x Security Technical Implementation Guide]