NIST CSF: PR.AC-1 Subcategory
From NIST's Cyber Security Framework (version 1):
Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- User access provisioning (9.2.2), ISO 27001:2013
- User registration and de-registration (9.2.1), ISO 27001:2013
- Secure log-on procedures (9.4.2), ISO 27001:2013
- Removal or adjustment of access rights (9.2.6), ISO 27001:2013
- Management of privileged access rights (9.2.3), ISO 27001:2013
- Use of secret authentication information (9.3.1), ISO 27001:2013
- Password management system (9.4.3), ISO 27001:2013
- Management of secret authentication information of users (9.2.4), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Identifier management (SR 1.4), ISA/IEC 62443-3-3:2013
- Authenticator management (SR 1.5), ISA/IEC 62443-3-3:2013
- Strength of password-based authentication (SR 1.7), ISA/IEC 62443-3-3:2013
- Strength of public key authentication (SR 1.9), ISA/IEC 62443-3-3:2013
- Access accounts implement authorization security policy (4.3.3.5.1), ISA/IEC 62443-2-1:2009
- Public key infrastructure (PKI) certificates (SR 1.8), ISA/IEC 62443-3-3:2013
- Account management (SR 1.3), ISA/IEC 62443-3-3:2013
- Software process and device identification and authentication (SR 1.2), ISA/IEC 62443-3-3:2013
- Human User Identification and Authentication (SR 1.1), ISA/IEC 62443-3-3:2013
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1087.004 | Cloud Account | Discovery |
T1197 | BITS Jobs | Defense Evasion, Persistence |
T1538 | Cloud Service Dashboard | Discovery |
T1552.006 | Group Policy Preferences | Credential Access |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1559.001 | Component Object Model | Execution |
T1569.002 | Service Execution | Execution |
T1213.003 | Code Repositories | Collection |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1562.006 | Indicator Blocking | Defense Evasion |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1601.001 | Patch System Image | Defense Evasion |
T1606.001 | Web Cookies | Credential Access |
T1562.009 | Safe Mode Boot | Defense Evasion |
T1003.002 | Security Account Manager | Credential Access |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1542 | Pre-OS Boot | Defense Evasion, Persistence |
T1601.002 | Downgrade System Image | Defense Evasion |
T1543.004 | Launch Daemon | Persistence, Privilege Escalation |
T1601 | Modify System Image | Defense Evasion |
T1003.006 | DCSync | Credential Access |
T1025 | Data from Removable Media | Collection |
T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
T1003.003 | NTDS | Credential Access |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1599 | Network Boundary Bridging | Defense Evasion |
T1569 | System Services | Execution |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1222 | File and Directory Permissions Modification | Defense Evasion |
T1021.003 | Distributed Component Object Model | Lateral Movement |
T1070.003 | Clear Command History | Defense Evasion |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1542.005 | TFTP Boot | Defense Evasion, Persistence |
T1005 | Data from Local System | Collection |
T1547.012 | Print Processors | Persistence, Privilege Escalation |
T1562.002 | Disable Windows Event Logging | Defense Evasion |
T1505.005 | Terminal Services DLL | Persistence |
T1606.002 | SAML Tokens | Credential Access |
T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1612 | Build Image on Host | Defense Evasion |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1134.002 | Create Process with Token | Defense Evasion, Privilege Escalation |
T1185 | Browser Session Hijacking | Collection |
T1552.001 | Credentials In Files | Credential Access |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1552.002 | Credentials in Registry | Credential Access |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B2.b | Device Management | You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function. |
B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
B2.c | Privileged User Management | You closely manage privileged user access to networks and information systems supporting the essential function. |
B2.d | Identity and Access Management (IdAM) | You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function. |