The ALG providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-204948 | SRG-NET-000140-ALG-000094 | SV-204948r954210_rule | CCI-000766 | medium |
| Description | ||||
| To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1) Something you know (e.g., password/PIN), 2) Something you have (e.g., cryptographic, identification device, token), and 3) Something you are (e.g., biometric) Non-privileged accounts are not authorized access to the network element regardless of access method. Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection. Authenticating with a PKI credential and entering the associated PIN is an example of multifactor authentication. This requirement applies to ALGs that provide user authentication intermediary services. | ||||
| STIG | Date | |||
| Application Layer Gateway Security Requirements Guide | 2024-12-04 | |||
Details
Check Text (C-204948r954210_chk)
If the ALG does not provide user authentication intermediary services, this is not applicable.
Verify the ALG is configured to use multifactor authentication for network access to non-privileged accounts.
If the ALG does not use multifactor authentication for network access to non-privileged accounts, this is a finding.
Fix Text (F-5216r395978_fix)
If user authentication intermediary services are provided, configure the ALG to use multifactor authentication for network access to non-privileged accounts.