Dragos Platform must accept the DOD CAC or other PKI credential for identity management and personal authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271034 | DRAG-OT-001750 | SV-271034r1057745_rule | CCI-002009 | medium |
| Description | ||||
| The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Satisfies: SRG-APP-000402, SRG-APP-000403, SRG-APP-000391, SRG-APP-000392, SRG-APP-000402, SRG-APP-000403, SRG-APP-000177, SRG-APP-000176, SRG-APP-000175, SRG-APP-000401 | ||||
| STIG | Date | |||
| Dragos Platform 2.x Security Technical Implementation Guide | 2025-05-15 | |||
Details
Check Text (C-271034r1057745_chk)
Verify that Dragos is configured to use the DOD CAC or other PKI credential to log in to the application.
Log in to the application.
If DOD CAC or other PKI is not configured, this is a finding.
Fix Text (F-74978r1057744_fix)
Configure an SSO proxy service using LDAP to provide PKI credentials.