STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-8 (1) — Identification and Authentication (Non-Organizational Users)

CCI-002009

Definition

Accept Personal Identity Verification-compliant credentials from other federal agencies.

Parent Control

IA-8 (1)Identification and Authentication (Non-Organizational Users)Identification and Authentication

Linked STIG Checks (29)

V-279055CAT IColdFusion must be using an enterprise solution for authentication.Adobe ColdFusion Security Technical Implementation Guide V-222993CAT IIMultifactor certificate-based tokens (CAC) must be used when accessing the management interface.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222557CAT IIThe application must accept Personal Identity Verification (PIV) credentials from other federal agencies.Application Security and Development Security Technical Implementation Guide V-204806CAT IIThe application server must accept Personal Identity Verification (PIV) credentials from other federal agencies to access the management interface.Application Server Security Requirements Guide V-272639CAT IICylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate).Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256844CAT ICompliance Guardian must use multifactor authentication for network access to privileged accounts.AvePoint Compliance Guardian Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-233202CAT IIThe container platform must accept Personal Identity Verification (PIV) credentials from other federal agencies.Container Platform Security Requirements Guide V-235821CAT IISAML integration must be enabled in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-271034CAT IIDragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.Dragos Platform 2.x Security Technical Implementation Guide V-278400CAT IINGINX must accept Personal Identity Verification (PIV) credentials.F5 NGINX Security Technical Implementation Guide V-250335CAT IMultifactor authentication for network access to privileged accounts must be used.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255865CAT IIThe WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255876CAT IIThe WebSphere Application Server must accept Personal Identity Verification (PIV) credentials from other federal agencies to access the management interface.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-205574CAT IIThe Mainframe Product must accept Personal Identity Verification (PIV) credentials from other federal agencies.Mainframe Product Security Requirements Guide V-260909CAT IIMKE must be configured to integrate with an Enterprise Identity Provider.Mirantis Kubernetes Engine Security Technical Implementation Guide V-254111CAT IINutanix AOS must accept Personal Identity Verification (PIV) credentials to access the management interface.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-279434CAT INutanix AOS must use multifactor authentication for access to privileged and nonprivileged accounts by enabling common access card (CAC) authentication.Nutanix Acropolis Application Server Security Technical Implementation Guide V-273204CAT IIOkta must be configured to accept Personal Identity Verification (PIV) credentials.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-253539CAT IIPrisma Cloud Compute must be configured to require local user accounts to use x.509 multifactor authentication.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-241005CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.0 Security Technical Implementation Guide V-234066CAT IICommon Access Card (CAC)-based authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.3 Security Technical Implementation Guide V-254897CAT IIMultifactor authentication must be enabled and enforced on the Tanium Server for all access and all accounts.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253800CAT IIThe Tanium application must accept Personal Identity Verification (PIV) credentials from other federal agencies.Tanium 7.x Security Technical Implementation Guide V-256324CAT IIThe vCenter Server must require multifactor authentication.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258910CAT IIThe vCenter Server must require multifactor authentication.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide