CAF Outcome B2.a: Identity Verification, Authentication and Authorisation
From the UK NCSC's Cyber Assessment Framework (version 3.1):
You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
NCSC CAF Mapped to NIST CSF
B2.a: Identity Verification, Authentication and Authorisation to CSF mappings generated from UK Cabinet Office table.
ATT&CK Mitigations
MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.
User Account Management
Manage the creation, modification, use, and permissions associated to user accounts.Restrict File and Directory Permissions
Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.Multi-factor Authentication
Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.Environment Variable Permissions
Prevent modification of environment variables by unauthorized users and groups.Audit
Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.Operating System Configuration
Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.Restrict Registry Permissions
Restrict the ability to modify certain hives or keys in the Windows Registry.Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Authorization enforcement (SR 2.1)
ISA/IEC 62443-3-3:2013 -
Session lock (SR 2.5)
ISA/IEC 62443-3-3:2013 -
Use control for portable and mobile devices (SR 2.3)
ISA/IEC 62443-3-3:2013 -
Wireless access management (SR 1.6)
ISA/IEC 62443-3-3:2013 -
Session integrity (SR 3.8)
ISA/IEC 62443-3-3:2013 -
Authenticator management (SR 1.5)
ISA/IEC 62443-3-3:2013 -
Identifier management (SR 1.4)
ISA/IEC 62443-3-3:2013 -
Access via untrusted networks (SR 1.13)
ISA/IEC 62443-3-3:2013 -
Human User Identification and Authentication (SR 1.1)
ISA/IEC 62443-3-3:2013 -
Software process and device identification and authentication (SR 1.2)
ISA/IEC 62443-3-3:2013 -
Wireless use control (SR 2.2)
ISA/IEC 62443-3-3:2013 -
Authenticate all remote users at the appropriate level (4.3.3.6.5)
ISA/IEC 62443-2-1:2009 -
Identify individuals (4.3.3.5.2)
ISA/IEC 62443-2-1:2009 -
Suspend or remove unneeded accounts (4.3.3.5.5)
ISA/IEC 62443-2-1:2009 -
Employ multiple authorization methods for critical IACS (4.3.3.7.4)
ISA/IEC 62443-2-1:2009 -
Employ authentication for task-to task communication (4.3.3.6.9)
ISA/IEC 62443-2-1:2009 -
Require strong authentication methods for system administration and application configuration (4.3.3.6.3)
ISA/IEC 62443-2-1:2009 -
Audit account administration (4.3.3.5.8)
ISA/IEC 62443-2-1:2009 -
Authenticate all users before system use (4.3.3.6.2)
ISA/IEC 62443-2-1:2009 -
Review account permissions (4.3.3.5.6)
ISA/IEC 62443-2-1:2009 -
Establish appropriate logical and physical permission methods to access IACS devices (4.3.3.7.2)
ISA/IEC 62443-2-1:2009
Related ISO 27001 Controls
Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Access to networks and network services (9.1.2)
ISO 27001:2013 -
Information access restriction (9.4.1)
ISO 27001:2013 -
Secure log-on procedures (9.4.2)
ISO 27001:2013 -
Network controls (13.1.1)
ISO 27001:2013 -
Review of user access rights (9.2.5)
ISO 27001:2013 -
Physical entry controls (11.1.2)
ISO 27001:2013 -
Securing offices, rooms, and facilities (11.1.3)
ISO 27001:2013
Related SP800-53 Controls
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.