| Checked | Name | Title |
|---|
| ☐ | SV-90593r1_rule | CounterACT, when providing user access control intermediary services, must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network. |
| ☐ | SV-90619r1_rule | CounterACT, when providing user access control intermediary services, must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access. |
| ☐ | SV-90621r1_rule | CounterACT, when providing user access control intermediary services for publicly accessible applications, must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system. |
| ☐ | SV-90623r1_rule | CounterACT must send an alert to, at a minimum, the ISSO and SCA when an audit processing failure occurs. |
| ☐ | SV-90625r1_rule | If user authentication services are provided, CounterACT must be configured with a pre-established trust relationship and mechanisms with a central directory service that validates user account access authorizations and privileges. |
| ☐ | SV-90627r1_rule | If user authentication services are provided, CounterACT must restrict user authentication traffic to specific authentication server(s). |
| ☐ | SV-90629r1_rule | CounterACT, when providing user authentication intermediary services, must implement replay-resistant authentication mechanisms for network access to non-privileged accounts. |
| ☐ | SV-90631r1_rule | CounterACT must off-load audit records onto a centralized log server. |
| ☐ | SV-90873r1_rule | CounterACT, when providing user authentication intermediary services, must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. |
| ☐ | SV-90875r1_rule | CounterACT, when providing user authentication intermediary services, must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |
| ☐ | SV-90877r1_rule | CounterACT must off-load audit records onto a centralized log server in real time. |
| ☐ | SV-90879r2_rule | CounterACT must use an Enterprise Manager or other high availability solution to ensure redundancy in case of audit failure in this critical network access control and security service. |
STIGQter: STIG Summary: