NIST CSF: PR.AC-6 Subcategory
From NIST's Cyber Security Framework (version 1):
Identities are proofed and bound to credentials and asserted in interactions
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Screening (7.1.1), ISO 27001:2013
- User registration and de-registration (9.2.1), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Authenticator management (SR 1.5), ISA/IEC 62443-3-3:2013
- Employ multiple authorization methods for critical IACS (4.3.3.7.4), ISA/IEC 62443-2-1:2009
- Identify individuals (4.3.3.5.2), ISA/IEC 62443-2-1:2009
- Establish appropriate logical and physical permission methods to access IACS devices (4.3.3.7.2), ISA/IEC 62443-2-1:2009
- Strength of public key authentication (SR 1.9), ISA/IEC 62443-3-3:2013
- Authorization enforcement (SR 2.1), ISA/IEC 62443-3-3:2013
- Identifier management (SR 1.4), ISA/IEC 62443-3-3:2013
- Screen personnel initially (4.3.3.2.2), ISA/IEC 62443-2-1:2009
- Software process and device identification and authentication (SR 1.2), ISA/IEC 62443-3-3:2013
- Human User Identification and Authentication (SR 1.1), ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1072 | Software Deployment Tools | Execution, Lateral Movement |
T1110.001 | Password Guessing | Credential Access |
T1558.004 | AS-REP Roasting | Credential Access |
T1528 | Steal Application Access Token | Credential Access |
T1599 | Network Boundary Bridging | Defense Evasion |
T1599.001 | Network Address Translation Traversal | Defense Evasion |
T1563.001 | SSH Hijacking | Lateral Movement |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
T1552.006 | Group Policy Preferences | Credential Access |
T1110.002 | Password Cracking | Credential Access |
T1552 | Unsecured Credentials | Credential Access |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1003.001 | LSASS Memory | Credential Access |
T1558.001 | Golden Ticket | Credential Access |
T1550.003 | Pass the Ticket | Defense Evasion, Lateral Movement |
T1555.001 | Keychain | Credential Access |
T1555.005 | Password Managers | Credential Access |
T1003 | OS Credential Dumping | Credential Access |
T1021 | Remote Services | Lateral Movement |
T1530 | Data from Cloud Storage | Collection |
T1558.003 | Kerberoasting | Credential Access |
T1003.006 | DCSync | Credential Access |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1552.004 | Private Keys | Credential Access |
T1114 | Email Collection | Collection |
T1601.002 | Downgrade System Image | Defense Evasion |
T1003.004 | LSA Secrets | Credential Access |
T1003.003 | NTDS | Credential Access |
T1110.004 | Credential Stuffing | Credential Access |
T1621 | Multi-Factor Authentication Request Generation | Credential Access |
T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1136.001 | Local Account | Persistence |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1552.002 | Credentials in Registry | Credential Access |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1111 | Multi-Factor Authentication Interception | Credential Access |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1649 | Steal or Forge Authentication Certificates | Credential Access |
T1555.004 | Windows Credential Manager | Credential Access |
T1003.005 | Cached Domain Credentials | Credential Access |
T1003.007 | Proc Filesystem | Credential Access |
T1558.002 | Silver Ticket | Credential Access |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1114.002 | Remote Email Collection | Collection |
T1558 | Steal or Forge Kerberos Tickets | Credential Access |
T1556.005 | Reversible Encryption | Credential Access, Defense Evasion, Persistence |
T1552.001 | Credentials In Files | Credential Access |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B2.d | Identity and Access Management (IdAM) | You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function. |
B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |