An error occurred:

Check: SRG-APP-000154-AU-002360

Central Log Server SRG: SRG-APP-000154-AU-002360 (in versions v2 r2 through v1 r1)

Title

The Central Log Server must be configured to use multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. (Cat II impact)

Discussion

Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device. Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards, such as the U.S. Government Personal Identity Verification card and the DoD common access card. A privileged account is any information system account with authorizations of a privileged user. Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection.

Check Content

Examine the configuration. Verify the Central Log Server is configured to use DoD PKI or another form of multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. If the Central Log Server is not configured to use multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Fix Text

This requirement applies to all privileged user accounts used for network logon to the application. Configure the Central Log Server to use DoD PKI or another form of multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Additional Identifiers

Rule ID: SV-206464r855294_rule

Vulnerability ID: V-206464

Group Title: SRG-APP-000154

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001936

The information system implements multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-2 (6)

Network Access To Privileged Accounts - Separate Device