UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All users must use PKI authentication for login and privileged access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-67673 AOSX-11-002055 SV-82163r2_rule Medium
Description
Password-based authentication has become a prime target for malicious actors. Multifactor authentication using PKI technologies mitigates most, if not all, risks associated with traditional password use. (Use of username and password for last-resort emergency access to a system for maintenance is acceptable, however.)
STIG Date
Apple OS X 10.11 Security Technical Implementation Guide 2018-01-04

Details

Check Text ( C-68239r2_chk )
Ask the SA or ISSO if an approved PKI authentication solution is implemented on the system for user logins and privileged access.

If an account can log in to the system or gain privileged access without a smart card, and it is not an emergency account, this is a finding.
Fix Text (F-73787r1_fix)
Implement PKI authentication using approved third-party PKI tools, to integrate with an existing directory services infrastructure or local password database, where no directory services infrastructure exists.