The IDPS must use multifactor authentication for network access to privileged accounts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34633	SRG-NET-000139-IDPS-00103	SV-45508r1_rule		Medium

Description
Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). A privileged account is defined as: An information system account with authorizations of a privileged user. Network Access is defined as: Access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). Multifactor authentication provides strong protection for authentication mechanisms. Without a strong authentication method, the system is more easily breached by standard access control attacks.

Description

Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). A privileged account is defined as: An information system account with authorizations of a privileged user. Network Access is defined as: Access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). Multifactor authentication provides strong protection for authentication mechanisms. Without a strong authentication method, the system is more easily breached by standard access control attacks.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42857r1_chk )
If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding. Verify the configuration for the management console and sensors requires access by a DoD approved multifactor authentication (e.g., PKI, SecureID, or DoD Alternate Token) mechanism. If multifactor authentication is not used for network access to privileged accounts, this is a finding.

Check Text ( C-42857r1_chk )

If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding.

Verify the configuration for the management console and sensors requires access by a DoD approved multifactor authentication (e.g., PKI, SecureID, or DoD Alternate Token) mechanism.

If multifactor authentication is not used for network access to privileged accounts, this is a finding.

Fix Text (F-38905r1_fix)
Configure all accounts accessing the IDPS to use multifactor authentication (e.g., PKI, SecureID, or DoD Alternate Token).