TCMax must accept personal identity verification (PIV) credentials.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-281377 | SRG-APP-000391 | TCMA-09-000165 | SV-281377r1186158_rule | 2026-03-05 | 1 |
Description
Using PIV credentials facilitates standardization and reduces the risk of unauthorized access.
DOD has mandated using the common access card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.
Satisfies: SRG-APP-000391, SRG-APP-000392
ℹ️ Check
Using an account of appropriate privileges to access TCMax, go to Settings >> Options.
Under "Login and User Options", if "Link Windows IDs to TCMax user accounts" is not checked, this is a finding.
If "Close TCMax when Windows user account is locked" is not checked, this is a finding.
✔️ Fix
1. Using an account of appropriate privileges to access TCMax, go to Settings >> Options.
2. Under "Login and User Options", check the box for "Link Windows IDs to TCMax user accounts".
3. Check the box for "Close TCMax when Windows user account is locked".
4. Click "Save".