Check: OKTA-APP-001670
Okta Identity as a Service (IDaaS) STIG:
OKTA-APP-001670
(in version v1 r1)
Title
Okta must be configured to accept Personal Identity Verification (PIV) credentials. (Cat II impact)
Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DOD has mandated the use of the common access card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000402, SRG-APP-000403
Check Content
From the Admin Console: 1. Go to Security >> Authenticators. 2. Verify that "Smart Card Authenticator" is listed and has "Status" listed as "Active". If "Smart Card Authenticator" is not listed or is not listed as "Active", this is a finding.
Fix Text
From the Admin Console: 1. Go to Security >> Authenticators. 2. In the "Setup" tab, click "Add authenticator". 3. Select the configured Smart Card Identity Provider and finish configuration.
Additional Identifiers
Rule ID: SV-273204r1098879_rule
Vulnerability ID: V-273204
Group Title: SRG-APP-000391
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001953 |
Accept Personal Identity Verification-compliant credentials. |
| CCI-002009 |
Accept Personal Identity Verification-compliant credentials from other federal agencies. |
| CCI-002010 |
Electronically verify Personal Identity Verification-compliant credentials from other federal agencies. |