Description
Require individuals accessing the system to employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].
Supplemental Guidance
Adversaries may compromise individual authentication mechanisms employed by organizations and subsequently attempt to impersonate legitimate users. To address this threat, organizations may employ specific techniques or mechanisms and establish protocols to assess suspicious behavior. Adaptive authentication employs dynamic risk assessment to adjust authentication requirements.
Changes from Rev 4
New control in Rev 5.
Compliance Mappings
COBIT 2019
DSS05
MAS TRM
9
BSI IT-Grundschutz
ORP.4
RBI CSF
Annex1.9
HKMA TM-E-1
TME1.10.4TME1.8.3
SAMA CSF
3.1
UAE IA
T9
CBB TM
TM-6
Qatar NIA
AC
BoM CTRM
3.3
BOT Cyber Resilience
Ch2.2
CMMC 2.0
IA
Common Criteria
CC Part 2 — FIA
OWASP MASVS v2.1
MASVS-AUTH-3