The operating system must accept only external credentials that are NIST-compliant.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-263657	SRG-OS-000745-GPOS-00210	SV-263657r982559_rule		Medium

Description
Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.

Description

Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.

STIG	Date
General Purpose Operating System Security Requirements Guide	2024-07-02

Details

Check Text ( C-67570r982558_chk )
Verify the operating system is configured to accept only external credentials that are NIST-compliant. If the operating system is not configured to accept only external credentials that are NIST-compliant, this is a finding.

Fix Text (F-67478r982240_fix)
Configure the operating system to accept only external credentials that are NIST-compliant.