Rule ID
SV-279439r1191103_rule
Version
V1R1
Requiring that one of the MFA factors reside on a device separate from the system to which the user is attempting to gain access reduces the likelihood of compromising authenticators or credentials stored on the system. Adversaries may be able to compromise authenticators or credentials and subsequently impersonate authorized users. Implementing one of the factors on a separate device (e.g., a hardware token) provides a stronger mechanism and an increased level of assurance in the authentication process.

Satisfies: SRG-APP-000825-AS-000180, SRG-APP-000820-AS-000170
Confirm the Prism Element WebUI requires client authentication.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication.
4. Click the "Client" tab.
5. Verify client authentication is enabled.

If client authentication is not enabled, this is a finding.
Configure the Prism Element WebUI to require client authentication.

1. Log in to Prism Element.
2. Click the gear in the upper-right corner and navigate to Authentication.
3. Click the "Client" tab.
4. Select the "Configure Client Chain Certificate" check box.
5. Click "Choose File", browse to and select a client chain certificate to upload, and then click "Open" to upload the certificate.
6. Click "Enable Client Authentication".