All users must use PKI authentication for login and privileged access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58479 | AOSX-09-002055 | SV-72909r1_rule | Medium |
| Description |
|---|
| Password-based authentication has become a prime target for malicious actors. Multifactor authentication using PKI technologies mitigates most, if not all, risks associated with traditional password use. (Use of username and password for last-resort emergency access to a system for maintenance is acceptable, however.) |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59329r1_chk ) |
|---|
| Ask the SA or ISSO if an approved PKI authentication solution is implemented on the system for user logins and privileged access. If a non-emergency account can log into the system or gain privileged access without a smart card, this is a finding. |
| Fix Text (F-63817r1_fix) |
|---|
| Implement PKI authentication using approved third-party PKI tools, to integrate with an existing directory services infrastructure or local password database, where no directory services infrastructure exists. |