IA-3: Device Identification and Authentication

From NIST's SP800-53:

Uniquely identify and authenticate [Assignment: organization-defined devices and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
PR.AC-7	Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
PR.AC-1	Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes

Showing 1 to 2 of 2 entries

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

Search:

ATT&CK ID	Title	Associated Tactics
T1552.005	Cloud Instance Metadata API	Credential Access
T1602.001	SNMP (MIB Dump)	Collection
T1552	Unsecured Credentials	Credential Access
T1602.002	Network Device Configuration Dump	Collection
T1621	Multi-Factor Authentication Request Generation	Credential Access
T1537	Transfer Data to Cloud Account	Exfiltration
T1602	Data from Configuration Repository	Collection
T1530	Data from Cloud Storage	Collection

Showing 1 to 8 of 8 entries