Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The operating system must accept only external credentials that are NIST-compliant.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-263657 | SRG-OS-000745-GPOS-00210 | SV-263657r982559_rule | Medium |
| Description |
|---|
| Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level. |
| STIG | Date |
|---|---|
| General Purpose Operating System Security Requirements Guide | 2024-07-02 |
Details
| Check Text ( C-67570r982558_chk ) |
|---|
| Verify the operating system is configured to accept only external credentials that are NIST-compliant. If the operating system is not configured to accept only external credentials that are NIST-compliant, this is a finding. |
| Fix Text (F-67478r982240_fix) |
|---|
| Configure the operating system to accept only external credentials that are NIST-compliant. |