Okta must be configured to accept Personal Identity Verification (PIV) credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273204 | OKTA-APP-001670 | SV-273204r1098879_rule | CCI-001953 | medium |
| Description | ||||
| The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DOD has mandated the use of the common access card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000402, SRG-APP-000403 | ||||
| STIG | Date | |||
| Okta Identity as a Service (IDaaS) Security Technical Implementation Guide | 2025-05-06 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
IA-2(12)
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001953
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-273204r1098879_chk)
From the Admin Console:
1. Go to Security >> Authenticators.
2. Verify that "Smart Card Authenticator" is listed and has "Status" listed as "Active".
If "Smart Card Authenticator" is not listed or is not listed as "Active", this is a finding.
Fix Text (F-77200r1098878_fix)
From the Admin Console:
1. Go to Security >> Authenticators.
2. In the "Setup" tab, click "Add authenticator".
3. Select the configured Smart Card Identity Provider and finish configuration.