NIST CSF: PR.AC-7 Subcategory

From NIST's Cyber Security Framework (version 1):

Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
IA-4: Identifier Management
IA-1: Policy and Procedures
AC-14: Permitted Actions Without Identification or Authentication
AC-9: Previous Logon Notification
IA-10: Adaptive Authentication
AC-12: Session Termination
IA-3: Device Identification and Authentication
IA-5: Authenticator Management
AC-8: System Use Notification
IA-9: Service Identification and Authentication
IA-11: Re-authentication
AC-7: Unsuccessful Logon Attempts
IA-2: Identification and Authentication (organizational Users)
AC-11: Device Lock
IA-8: Identification and Authentication (non-organizational Users)

Showing 1 to 15 of 15 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Secure log-on procedures (9.4.2)
ISO 27001:2013
Management of secret authentication information of users (9.2.4)
ISO 27001:2013
Use of secret authentication information (9.3.1)
ISO 27001:2013
Privacy and protection of personally identifiable information (18.1.4)
ISO 27001:2013
Password management system (9.4.3)
ISO 27001:2013
User registration and de-registration (9.2.1)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Authenticate all users before system use (4.3.3.6.2)
ISA/IEC 62443-2-1:2009
Require strong authentication methods for system administration and application configuration (4.3.3.6.3)
ISA/IEC 62443-2-1:2009
Authenticate all remote users at the appropriate level (4.3.3.6.5)
ISA/IEC 62443-2-1:2009
Develop a policy for remote login and connections (4.3.3.6.6)
ISA/IEC 62443-2-1:2009
Public key infrastructure (PKI) certificates (SR 1.8)
ISA/IEC 62443-3-3:2013
Log and review all access attempts to critical systems (4.3.3.6.4)
ISA/IEC 62443-2-1:2009
Strength of password-based authentication (SR 1.7)
ISA/IEC 62443-3-3:2013
Disable access account after failed remote login attempts (4.3.3.6.7)
ISA/IEC 62443-2-1:2009
Authenticator feedback (SR 1.10)
ISA/IEC 62443-3-3:2013
Develop an authentication strategy (4.3.3.6.1)
ISA/IEC 62443-2-1:2009
Human User Identification and Authentication (SR 1.1)
ISA/IEC 62443-3-3:2013
Require re-authentication after remote system inactivity (4.3.3.6.8)
ISA/IEC 62443-2-1:2009
Authenticator management (SR 1.5)
ISA/IEC 62443-3-3:2013
Software process and device identification and authentication (SR 1.2)
ISA/IEC 62443-3-3:2013
Employ authentication for task-to task communication (4.3.3.6.9)
ISA/IEC 62443-2-1:2009
Strength of public key authentication (SR 1.9)
ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1021.001	Remote Desktop Protocol	Lateral Movement
T1552	Unsecured Credentials	Credential Access
T1213.002	Sharepoint	Collection
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1213.001	Confluence	Collection
T1552.005	Cloud Instance Metadata API	Credential Access
T1547.006	Kernel Modules and Extensions	Persistence, Privilege Escalation
T1602.002	Network Device Configuration Dump	Collection
T1110.001	Password Guessing	Credential Access
T1110	Brute Force	Credential Access
T1053	Scheduled Task/Job	Execution, Persistence, Privilege Escalation
T1053.002	At	Execution, Persistence, Privilege Escalation
T1530	Data from Cloud Storage	Collection
T1110.002	Password Cracking	Credential Access
T1021.005	VNC	Lateral Movement
T1578.001	Create Snapshot	Defense Evasion
T1528	Steal Application Access Token	Credential Access
T1563	Remote Service Session Hijacking	Lateral Movement
T1562	Impair Defenses	Defense Evasion
T1543	Create or Modify System Process	Persistence, Privilege Escalation
T1003	OS Credential Dumping	Credential Access
T1602.001	SNMP (MIB Dump)	Collection
T1578	Modify Cloud Compute Infrastructure	Defense Evasion
T1578.003	Delete Cloud Instance	Defense Evasion
T1578.002	Create Cloud Instance	Defense Evasion
T1003.005	Cached Domain Credentials	Credential Access
T1537	Transfer Data to Cloud Account	Exfiltration
T1602	Data from Configuration Repository	Collection
T1110.004	Credential Stuffing	Credential Access
T1003.006	DCSync	Credential Access
T1213	Data from Information Repositories	Collection
T1110.003	Password Spraying	Credential Access
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1137.002	Office Test	Persistence
T1185	Browser Session Hijacking	Collection
T1072	Software Deployment Tools	Execution, Lateral Movement
T1505.005	Terminal Services DLL	Persistence
T1563.002	RDP Hijacking	Lateral Movement
T1621	Multi-Factor Authentication Request Generation	Credential Access
T1558.004	AS-REP Roasting	Credential Access
T1599	Network Boundary Bridging	Defense Evasion
T1599.001	Network Address Translation Traversal	Defense Evasion
T1563.001	SSH Hijacking	Lateral Movement
T1098.003	Additional Cloud Roles	Persistence, Privilege Escalation
T1098.002	Additional Email Delegate Permissions	Persistence, Privilege Escalation
T1552.006	Group Policy Preferences	Credential Access
T1098.004	SSH Authorized Keys	Persistence, Privilege Escalation
T1003.001	LSASS Memory	Credential Access
T1558.001	Golden Ticket	Credential Access
T1550.003	Pass the Ticket	Defense Evasion, Lateral Movement

Showing 1 to 50 of 191 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B2.a	Identity Verification, Authentication and Authorisation	You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
B2.b	Device Management	You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function.
B4.c	Secure Management	You manage your organisation's network and information systems that support the operation of essential functions to enable and maintain security.
B2.c	Privileged User Management	You closely manage privileged user access to networks and information systems supporting the essential function.
B3.c	Stored Data	You have protected stored data important to the operation of the essential function.
B2.d	Identity and Access Management (IdAM)	You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.

Showing 1 to 6 of 6 entries

NIST CSF: PR.AC-7 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Secure log-on procedures (9.4.2)

Management of secret authentication information of users (9.2.4)

Use of secret authentication information (9.3.1)

Privacy and protection of personally identifiable information (18.1.4)

Password management system (9.4.3)

User registration and de-registration (9.2.1)

Related ISA/IEC 62443 Controls

Authenticate all users before system use (4.3.3.6.2)

Require strong authentication methods for system administration and application configuration (4.3.3.6.3)

Authenticate all remote users at the appropriate level (4.3.3.6.5)

Develop a policy for remote login and connections (4.3.3.6.6)

Public key infrastructure (PKI) certificates (SR 1.8)

Log and review all access attempts to critical systems (4.3.3.6.4)

Strength of password-based authentication (SR 1.7)

Disable access account after failed remote login attempts (4.3.3.6.7)

Authenticator feedback (SR 1.10)

Develop an authentication strategy (4.3.3.6.1)

Human User Identification and Authentication (SR 1.1)

Require re-authentication after remote system inactivity (4.3.3.6.8)

Authenticator management (SR 1.5)

Software process and device identification and authentication (SR 1.2)

Employ authentication for task-to task communication (4.3.3.6.9)

Strength of public key authentication (SR 1.9)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF