IA-11: Re-authentication
From NIST's SP800-53:
Require users to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.AC-1 | Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes |
| PR.AC-7 | Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1110.001 | Password Guessing | Credential Access |
| T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
| T1110.003 | Password Spraying | Credential Access |
| T1110.002 | Password Cracking | Credential Access |
| T1110 | Brute Force | Credential Access |
| T1110.004 | Credential Stuffing | Credential Access |
| T1556.007 | Hybrid Identity | Credential Access, Defense Evasion, Persistence |