Rule ID
SV-276010r1122680_rule
Version
V1R2
CCIs
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., cryptographic identification device, token); or (iii) something a user is (e.g., biometric). A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the internet).
Have the system administrator (SA) demonstrate logging in to the Axonius host via Secure File Transfer Protocol (SFTP). Verify the SA is using a password-protected Secure Shell (SSH) key to log in to the system. If the SA is not using a password-protected SSH key to log in to the system, this is a finding.
From the Axonius Toolbox (accessed via SSH) Main Actions Menu, select the following options: System Actions >> Update files account SSH key Follow the on-screen prompts to configure key-based authentication.