The VMM must use multifactor authentication for network access to privileged accounts.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-207387 | SRG-OS-000105 | SRG-OS-000105-VMM-000510 | SV-207387r958484_rule | 2025-09-10 | 2 |
Description
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased.
Multifactor authentication requires using two or more factors to achieve authentication.
Factors include:
(i) something a user knows (e.g., password/PIN);
(ii) something a user has (e.g., cryptographic identification device, token); or
(iii) something a user is (e.g., biometric).
A privileged account is defined as a VMM account with authorizations of a privileged user.
Network access is defined as access to a VMM by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the Internet).
The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
ℹ️ Check
Verify the VMM uses multifactor authentication for network access to privileged accounts.
If it does not, this is a finding.
✔️ Fix
Configure the VMM to use multifactor authentication for network access to privileged accounts.