Check: OSX8-00-02055
Apple OSX 10.8 STIG:
OSX8-00-02055
(in version v1 r2)
Title
All users must use PKI authentication for login and privileged access. (Cat II impact)
Discussion
Password-based authentication has become a prime target for malicious actors. Multifactor authentication using PKI technologies mitigates most, if not all, risks associated with traditional password use. (Use of username and password for last-resort emergency access to a system for maintenance is acceptable, however.)
Check Content
Ask the SA or IAO if an approved PKI authentication solution is implemented on the system for user logins and privileged access. If a non-emergency account can log into the system or gain privileged access without a smart card, this is a finding.
Fix Text
Implement PKI authentication using approved third-party PKI tools, to integrate with an existing directory services infrastructure or local password database, where no directory services infrastructure exists.
Additional Identifiers
Rule ID: SV-68083r1_rule
Vulnerability ID: V-53865
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |