IA-2: Identification and Authentication (Organizational Users)
From NIST's SP800-53:
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
PR.AC-6 | Identities are proofed and bound to credentials and asserted in interactions |
PR.AC-7 | Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) |
PR.AC-1 | Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1562.002 | Disable Windows Event Logging | Defense Evasion |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1021.006 | Windows Remote Management | Lateral Movement |
T1072 | Software Deployment Tools | Execution, Lateral Movement |
T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
T1087.004 | Cloud Account | Discovery |
T1218.007 | Msiexec | Defense Evasion |
T1489 | Service Stop | Impact |
T1134 | Access Token Manipulation | Defense Evasion, Privilege Escalation |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1578.001 | Create Snapshot | Defense Evasion |
T1574.012 | COR_PROFILER | Defense Evasion, Persistence, Privilege Escalation |
T1136 | Create Account | Persistence |
T1542 | Pre-OS Boot | Defense Evasion, Persistence |
T1578.002 | Create Cloud Instance | Defense Evasion |
T1555.005 | Password Managers | Credential Access |
T1601.002 | Downgrade System Image | Defense Evasion |
T1021.005 | VNC | Lateral Movement |
T1552.002 | Credentials in Registry | Credential Access |
T1036.007 | Double File Extension | Defense Evasion |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
T1055 | Process Injection | Defense Evasion, Privilege Escalation |
T1003.003 | NTDS | Credential Access |
T1197 | BITS Jobs | Defense Evasion, Persistence |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1003.005 | Cached Domain Credentials | Credential Access |
T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1110.002 | Password Cracking | Credential Access |
T1543.003 | Windows Service | Persistence, Privilege Escalation |
T1003.007 | Proc Filesystem | Credential Access |
T1556.006 | Multi-Factor Authentication | Credential Access, Defense Evasion, Persistence |
T1538 | Cloud Service Dashboard | Discovery |
T1110.003 | Password Spraying | Credential Access |
T1562.001 | Disable or Modify Tools | Defense Evasion |
T1599.001 | Network Address Translation Traversal | Defense Evasion |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1134.001 | Token Impersonation/Theft | Defense Evasion, Privilege Escalation |
T1134.003 | Make and Impersonate Token | Defense Evasion, Privilege Escalation |
T1185 | Browser Session Hijacking | Collection |
T1136.003 | Cloud Account | Persistence |
T1543.004 | Launch Daemon | Persistence, Privilege Escalation |
T1613 | Container and Resource Discovery | Discovery |
T1542.003 | Bootkit | Defense Evasion, Persistence |
T1550.003 | Pass the Ticket | Defense Evasion, Lateral Movement |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1530 | Data from Cloud Storage | Collection |
T1053.002 | At | Execution, Persistence, Privilege Escalation |