Navigate

CCI-001938

CCI-001938 Definition

The organization defines the strength of mechanism requirements for the device that is separate from the system gaining access to non-privileged accounts.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

For the strength of mechanism requirements DoD has defined requirements as DoD PKI or a technology approved by their Authorizing Official, FIPS 140-2, NIAP Certification, or NSA approval.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. For the strength of mechanism requirements DoD has defined requirements as DoD PKI or a technology approved by their Authorizing Official, FIPS 140-2, NIAP Certification, or NSA approval.

Compelling Evidence

Automatically Compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001938.

Control	Description
IA-2 (7)	The information system implements multifactor authentication for network access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access and the device meets [Assignment: organization-defined strength of mechanism requirements].