The firewall implementation must use multifactor authentication for local access to privileged accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37173 | SRG-NET-000141-FW-000080 | SV-48934r1_rule | Medium |
| Description |
|---|
| Single-factor authentication poses unnecessary risk to the information system since most single-factor authentication methods use only a userid and password. Passwords are, in most cases, easily hacked with the right tools. Multifactor authentication utilizes multiple levels of identification and authorization criteria and provides a much stronger level of security than single-factor. As privileged users have access to most of the files on the platform, using a single-factor authentication approach provides an easy avenue of attack for a malicious user. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45498r1_chk ) |
|---|
| If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the firewall application itself, this is not a finding. Verify the configuration for the firewall requires access using a multifactor authentication mechanism (e.g., PKI or DoD Alternate Token). If multifactor authentication is not used for local access to privileged accounts, this is a finding. |
| Fix Text (F-42111r1_fix) |
|---|
| Configure local access to privileged accounts to use multifactor authentication (e.g., PKI or DoD Alternate Token). |