Title

The Unified Communications Endpoint must use multifactor authentication for network access to nonprivileged accounts. (Cat II impact)

Discussion

To ensure accountability and prevent unauthenticated access, nonprivileged users must use multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) Something you know (e.g., password/PIN); (ii) Something you have (e.g., cryptographic identification device, token); or (iii) Something you are (e.g., biometric). The DOD CAC with DOD-approved PKI is an example of multifactor authentication. Multifactor authentication is implemented most often with software type endpoints, as this can be implemented at the operating system level. More recent advances in hardware may allow implementation at the hardware endpoint.

Check Content

Verify the Unified Communications Endpoint uses multifactor authentication for network access to nonprivileged accounts. If the Unified Communications Endpoint does not use multifactor authentication for network access to nonprivileged accounts, this is a finding.

Fix Text

Configure the Unified Communications Endpoint to use multifactor authentication for network access to nonprivileged accounts.

Additional Identifiers

Rule ID: SRG-NET-000140-VVEP-00010_rule

Vulnerability ID: SRG-NET-000140-VVEP-00010

Group Title: SRG-NET-000140-VVEP-00010

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.