The operating system must accept only external credentials that are NIST-compliant.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-263657 | SRG-OS-000745-GPOS-00210 | SV-263657r982559_rule | CCI-004083 | medium |
Description
Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.
| STIG | Date |
| General Purpose Operating System Security Requirements Guide | 2024-12-04 |
Related Frameworks
2 paths across 2 frameworks
NIST 800-53 (1 mapping)
IA-8(2)
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI (1 mapping)
CCI-004083
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-263657r982559_chk)
Verify the operating system is configured to accept only external credentials that are NIST-compliant.
If the operating system is not configured to accept only external credentials that are NIST-compliant, this is a finding.
Fix Text (F-67478r982240_fix)
Configure the operating system to accept only external credentials that are NIST-compliant.