Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-271034	DRAG-OT-001750	SV-271034r1057745_rule		Medium

Description

The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Satisfies: SRG-APP-000402, SRG-APP-000403, SRG-APP-000391, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000177, SRG-APP-000176, SRG-APP-000175, SRG-APP-000401

STIG	Date
Dragos Platform 2.x Security Technical Implementation Guide	2024-12-23

Details

Check Text (C-75077r1057743_chk)

Verify that Dragos is configured to use the DOD CAC or other PKI credential to log in to the application.

Log in to the application.

If DOD CAC or other PKI is not configured, this is a finding.

Fix Text (F-74978r1057744_fix)

Configure an SSO proxy service using LDAP to provide PKI credentials.