Description
Uniquely identify and authenticate [Assignment: organization-defined system services and applications] before establishing communications with devices, users, or other services or applications.
Supplemental Guidance
Services that may require identification and authentication include web applications using digital certificates or services or applications that query a database. Identification and authentication methods for services and applications include information from trusted third parties or use of authentication mechanisms such as tokens and digital certificates.
Changes from Rev 4
No significant changes from Rev 4.
MITRE ATT&CK Techniques (22)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Techniques per tactic: Reconnaissance 3, Initial Access 3, Execution 3, Persistence 5, Privilege Escalation 3, Defense Evasion 7, Collection 1
Compliance Mappings
COBIT 2019: DSS05
NIST CSF 2.0: PR.AA-03
IEC 62443: 3-3 SR 1.2
MAS TRM: 9
BSI IT-Grundschutz: ORP.4
RBI CSF: Annex1.11
HKMA TM-E-1: TME1.9.3
SAMA CSF: 3.1
NCA ECC: 5-1
UAE IA: T9
Qatar NIA: AC
CBUAE: CR-4
CBE CSF: CTO-1
BoM CTRM: 3.3
HIPAA Security Rule: §164.312(d)
BOT Cyber Resilience: Ch2.2
CMMC 2.0: IA
FERC CIP Orders: Order 2222
Common Criteria: CC Part 2 — FIA
FDA 21 CFR Part 11: §11.10(h)
FDA Cybersecurity Guidance: SA-1