💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions

• Contextual name: 💼 PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions
• ID: /frameworks/nist-csf-v2.0/pr-aa/02
• Located in: 💼 Identity Management, Authentication, and Access Control (PR.AA)

Description

1. Verify a person's claimed identity at enrollment time using government-issued identity credentials (e.g., passport, visa, driver's license)
2. Issue a different credential for each person (i.e., no credential sharing)

Similar

• Sections
  • /frameworks/nist-csf-v1.1/pr-ac/06
  • /frameworks/nist-sp-800-53-r5/ia/12

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions		4	13
💼 NIST SP 800-53 Revision 5 → 💼 IA-12 Identity Proofing	6

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (13)

Policy	Logic Count	Flags
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢	1	🟢 x6
📝 AWS EC2 Instance IAM role is not attached 🟢	1	🟢 x6
📝 AWS IAM User has inline or directly attached policies 🟢	1	🟠 x1, 🟢 x5
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢		🟢 x3
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢	1	🟠 x1, 🟢 x6
📝 Azure App Service Authentication is disabled and Basic Authentication is enabled 🟢	1	🟢 x6
📝 Azure App Service Basic Authentication is enabled 🟢		🟢 x3
📝 Consumer Google Accounts are used 🟢		🟢 x3
📝 Google Accounts are not configured with MFA 🟢		🟢 x3
📝 Google BigQuery Dataset is anonymously or publicly accessible 🟢	1	🟢 x6
📝 Google Cloud Audit Logging is not configured properly 🟢	1	🟢 x6
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢		🟢 x3
📝 Google Storage Bucket is anonymously or publicly accessible 🟢	1	🟢 x6