💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)

  • ID: /frameworks/nist-csf-v1.1/pr-ac/07

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/09/02/01
    • /frameworks/iso-iec-27001-2013/09/02/04
    • /frameworks/iso-iec-27001-2013/09/03/01
    • /frameworks/iso-iec-27001-2013/09/04/02
    • /frameworks/iso-iec-27001-2013/09/04/03
    • /frameworks/iso-iec-27001-2013/18/01/04
    • /frameworks/nist-sp-800-53-r4/ac/07
    • /frameworks/nist-sp-800-53-r4/ac/08
    • /frameworks/nist-sp-800-53-r4/ac/09
    • /frameworks/nist-sp-800-53-r4/ac/11
    • /frameworks/nist-sp-800-53-r4/ac/12
    • /frameworks/nist-sp-800-53-r4/ac/14
    • /frameworks/nist-sp-800-53-r4/ia/01
    • /frameworks/nist-sp-800-53-r4/ia/02
    • /frameworks/nist-sp-800-53-r4/ia/03
    • /frameworks/nist-sp-800-53-r4/ia/04
    • /frameworks/nist-sp-800-53-r4/ia/05
    • /frameworks/nist-sp-800-53-r4/ia/08
    • /frameworks/nist-sp-800-53-r4/ia/09
    • /frameworks/nist-sp-800-53-r4/ia/10
    • /frameworks/nist-sp-800-53-r4/ia/11
  • Internal
    • ID: dec-c-72060d27

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 ISO/IEC 27001:2013 → 💼 A.9.2.1 User registration and de-registration11no data
💼 ISO/IEC 27001:2013 → 💼 A.9.2.4 Management of secret authentication information of users810no data
💼 ISO/IEC 27001:2013 → 💼 A.9.3.1 Use of secret authentication information33no data
💼 ISO/IEC 27001:2013 → 💼 A.9.4.2 Secure log-on procedures1no data
💼 ISO/IEC 27001:2013 → 💼 A.9.4.3 Password management system11no data
💼 ISO/IEC 27001:2013 → 💼 A.18.1.4 Privacy and protection of personally identifiable informationno data
💼 NIST SP 800-53 Revision 4 → 💼 AC-7 UNSUCCESSFUL LOGON ATTEMPTS2no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-8 SYSTEM USE NOTIFICATIONno data
💼 NIST SP 800-53 Revision 4 → 💼 AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION4no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-11 SESSION LOCK1no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-12 SESSION TERMINATION1no data
💼 NIST SP 800-53 Revision 4 → 💼 AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION1no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURESno data
💼 NIST SP 800-53 Revision 4 → 💼 IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)1312no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION411no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-4 IDENTIFIER MANAGEMENT7no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-5 AUTHENTICATOR MANAGEMENT1522no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS)5no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION2no data
💼 NIST SP 800-53 Revision 4 → 💼 IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATIONno data
💼 NIST SP 800-53 Revision 4 → 💼 IA-11 RE-AUTHENTICATIONno data

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v2.0 → 💼 PR.AA-03: Users, services, and hardware are authenticated53no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance

Policies (23)

Policy | Logic Count | Flags | Compliance
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢1🟢 x6no data
🛡️ AWS Account Root User credentials were used in the last 30 days🟢1🟢 x6no data
🛡️ AWS EC2 Instance IAM role is not attached🟢1🟢 x6no data
🛡️ AWS IAM Policy allows full administrative privileges🟢1🟢 x6no data
🛡️ AWS IAM Server Certificate is expired🟢1🟢 x6no data
🛡️ AWS IAM User Access Keys are not rotated every 90 days or less🟢1🟢 x6no data
🛡️ AWS IAM User has inline or directly attached policies🟢1🟠 x1, 🟢 x5no data
🛡️ AWS IAM User has more than one active access key🟢1🟢 x6no data
🛡️ AWS IAM User MFA is not enabled for all users with console password🟢1🟢 x6no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket MFA Delete is not enabled🟠🟢1🟠 x1, 🟢 x6no data
🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢1🟢 x6no data
🛡️ Azure App Service Basic Authentication is enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure App Service is not registered with Microsoft Entra ID🟢1🟢 x6no data
🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢1🟢 x6no data
🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢1🟢 x6no data
🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢1🟢 x6no data
🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢1🟢 x6no data
🛡️ Consumer Google Accounts are used🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Accounts are not configured with MFA🟢⚪🟢 x2, ⚪ x1no data

Internal Rules

Rule | Policies | Flags
✉️ dec-x-0be4dfe5 | 1 |
✉️ dec-x-0feec790 | 2 |
✉️ dec-x-1fc681bc | 1 |
✉️ dec-x-4d6fee7a | 1 |
✉️ dec-x-6c93750d | 1 |
✉️ dec-x-12a85339 | 1 |
✉️ dec-x-82ca4127 | 2 |
✉️ dec-x-157aa4b9 | 1 |
✉️ dec-x-0289e9c9 | 1 |
✉️ dec-x-4157c58a | 1 |
✉️ dec-x-30795016 | 1 |
✉️ dec-x-b10e98af | 1 |
✉️ dec-x-b92b08f4 | 1 |
✉️ dec-x-bcb0c78f | 1 |
✉️ dec-x-ca52f63a | 2 |
✉️ dec-x-e58fd8e0 | 1 |
✉️ dec-x-f7c2faac | 1 |
✉️ dec-z-79f4ab88 | 1 |
✉️ dec-z-bb731292 | 1 |