Skip to main content

💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions

  • ID: /frameworks/nist-csf-v1.1/pr-ac/06

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/07/01/01
    • /frameworks/iso-iec-27001-2013/09/02/01
    • /frameworks/nist-sp-800-53-r4/ac/01
    • /frameworks/nist-sp-800-53-r4/ac/02
    • /frameworks/nist-sp-800-53-r4/ac/03
    • /frameworks/nist-sp-800-53-r4/ac/16
    • /frameworks/nist-sp-800-53-r4/ac/19
    • /frameworks/nist-sp-800-53-r4/ac/24
    • /frameworks/nist-sp-800-53-r4/ia/01
    • /frameworks/nist-sp-800-53-r4/ia/02
    • /frameworks/nist-sp-800-53-r4/ia/04
    • /frameworks/nist-sp-800-53-r4/ia/05
    • /frameworks/nist-sp-800-53-r4/ia/08
    • /frameworks/nist-sp-800-53-r4/pe/02
    • /frameworks/nist-sp-800-53-r4/ps/03
  • Internal
    • ID: dec-c-f39f2c6f

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ISO/IEC 27001:2013 → 💼 A.7.1.1 Screeningno data
💼 ISO/IEC 27001:2013 → 💼 A.9.2.1 User registration and de-registration11no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-1 ACCESS CONTROL POLICY AND PROCEDURESno data
💼 NIST SP 800-53 Revision 4 → 💼 AC-2 ACCOUNT MANAGEMENT1336no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-3 ACCESS ENFORCEMENT102no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-16 SECURITY ATTRIBUTES10no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-19 ACCESS CONTROL FOR MOBILE DEVICES5no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-24 ACCESS CONTROL DECISIONS2no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURESno data
💼 NIST SP 800-53 Revision 4 → 💼 IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)1312no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-4 IDENTIFIER MANAGEMENT7no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-5 AUTHENTICATOR MANAGEMENT1522no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)5no data
💼 NIST SP 800-53 Revision 4 → 💼 PE-2 PHYSICAL ACCESS AUTHORIZATIONS3no data
💼 NIST SP 800-53 Revision 4 → 💼 PS-3 PERSONNEL SCREENING3no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v2.0 → 💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions13no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (13)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢1🟢 x6no data
🛡️ AWS EC2 Instance IAM role is not attached🟢1🟢 x6no data
🛡️ AWS IAM User has inline or directly attached policies🟢1🟠 x1, 🟢 x5no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS S3 Bucket MFA Delete is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢1🟢 x6no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Consumer Google Accounts are used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Accounts are not configured with MFA🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google Cloud Audit Logging is not configured properly🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-6c93750d1
✉️ dec-x-4157c58a1
✉️ dec-x-ca52f63a2
✉️ dec-z-79f4ab881